Vulnerabilities > CVE-2022-23307 - Deserialization of Untrusted Data vulnerability in multiple products

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

NVD

Published: 2022-01-18

Updated: 2023-02-24

Summary

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Chainsaw - Apache Chainsaw 2.0.0 Apache Log4J 1.2 Apache Log4J 1.2.1 Apache Log4J 1.2.2 Apache Log4J 1.2.3 Apache Log4J 1.2.4 Apache Log4J 1.2.5 Apache Log4J 1.2.6 Apache Log4J 1.2.7 Apache Log4J 1.2.8 Apache Log4J 1.2.9 Apache Log4J 1.2.10 Apache Log4J 1.2.11 Apache Log4J 1.2.12 Apache Log4J 1.2.13 Apache Log4J 1.2.14 Apache Log4J 1.2.15 Apache Log4J 1.2.16 Apache Log4J 1.2.17	24
Application	Qos QOS Reload4J 1.0 QOS Reload4J 1.0.1 QOS Reload4J 1.0.4 QOS Reload4J 1.1 QOS Reload4J 1.1.1 QOS Reload4J 1.1.2 QOS Reload4J 1.1.3 QOS Reload4J 1.2 QOS Reload4J 1.2.1 QOS Reload4J 1.2.2 QOS Reload4J 1.2.3 QOS Reload4J 1.2.4 QOS Reload4J 1.2.6 QOS Reload4J 1.2.7 QOS Reload4J 1.2.9 QOS Reload4J 1.2.11 QOS Reload4J 1.2.12 QOS Reload4J 1.2.13 QOS Reload4J 1.2.14 QOS Reload4J 1.2.15 QOS Reload4J 1.2.16 QOS Reload4J 1.2.17 QOS Reload4J 1.2.18.0	55
Application	Oracle Oracle Weblogic Server 12.2.1.3.0 Oracle Weblogic Server 12.2.1.4.0 Oracle Weblogic Server 14.1.1.0.0 Oracle Business Intelligence 12.2.1.3.0 Oracle Business Intelligence 12.2.1.4.0 Oracle Business Intelligence 5.9.0.0.0 Oracle Business Process Management Suite 12.2.1.3.0 Oracle Business Process Management Suite 12.2.1.4.0 Oracle Jdeveloper 12.2.1.3.0 Oracle Identity Management Suite 12.2.1.3.0 Oracle Identity Management Suite 12.2.1.4.0 Oracle Enterprise Manager Base Platform 13.4.0.0 Oracle Enterprise Manager Base Platform 13.5.0.0 Oracle Communications Network Integrity 7.3.6 Oracle Advanced Supply Chain Planning 12.2 Oracle Advanced Supply Chain Planning 12.1 Oracle Communications Unified Inventory Management 7.4.1 Oracle Communications Unified Inventory Management 7.4.2 Oracle Communications Messaging Server 8.1 Oracle Healthcare Foundation 8.1.0 Oracle Communications Eagle FTP Table Base Retrieval 4.5 Oracle Retail Extract Transform AND Load 13.2.5 Oracle Identity Manager Connector 11.1.1.5.0 Oracle Communications Instant Messaging Server 10.0.1.5.0 Oracle Middleware Common Libraries AND Tools 12.2.1.4.0 Oracle Financial Services Revenue Management AND Billing Analytics 2.7.0.0 Oracle Financial Services Revenue Management AND Billing Analytics 2.8.0.0 Oracle Financial Services Revenue Management AND Billing Analytics 2.7.0.1 Oracle Hyperion Data Relationship Management - Oracle Hyperion Data Relationship Management 11.1.2.4 Oracle Hyperion Data Relationship Management 11.1.2.4.330 Oracle Hyperion Data Relationship Management 11.1.2.4.344 Oracle Hyperion Data Relationship Management 11.1.2.4.345 Oracle Mysql Enterprise Monitor - Oracle Mysql Enterprise Monitor 2.3.14 Oracle Mysql Enterprise Monitor 3.0.4 Oracle Mysql Enterprise Monitor 3.0.25 Oracle Mysql Enterprise Monitor 3.1.0 Oracle Mysql Enterprise Monitor 3.1.1 Oracle Mysql Enterprise Monitor 3.1.2 Oracle Mysql Enterprise Monitor 3.1.3 Oracle Mysql Enterprise Monitor 3.1.3.7856 Oracle Mysql Enterprise Monitor 3.1.4 Oracle Mysql Enterprise Monitor 3.1.5 Oracle Mysql Enterprise Monitor 3.1.6 Oracle Mysql Enterprise Monitor 3.1.6.8003 Oracle Mysql Enterprise Monitor 3.1.7 Oracle Mysql Enterprise Monitor 3.2.0 Oracle Mysql Enterprise Monitor 3.2.1 Oracle Mysql Enterprise Monitor 3.2.2 Oracle Mysql Enterprise Monitor 3.2.3 Oracle Mysql Enterprise Monitor 3.2.4 Oracle Mysql Enterprise Monitor 3.2.5 Oracle Mysql Enterprise Monitor 3.2.6 Oracle Mysql Enterprise Monitor 3.2.7 Oracle Mysql Enterprise Monitor 3.2.8 Oracle Mysql Enterprise Monitor 3.2.8.2223 Oracle Mysql Enterprise Monitor 3.2.9 Oracle Mysql Enterprise Monitor 3.2.10 Oracle Mysql Enterprise Monitor 3.2.1182 Oracle Mysql Enterprise Monitor 3.3.0 Oracle Mysql Enterprise Monitor 3.3.1 Oracle Mysql Enterprise Monitor 3.3.2 Oracle Mysql Enterprise Monitor 3.3.2.1162 Oracle Mysql Enterprise Monitor 3.3.3 Oracle Mysql Enterprise Monitor 3.3.4 Oracle Mysql Enterprise Monitor 3.3.4.3247 Oracle Mysql Enterprise Monitor 3.3.5 Oracle Mysql Enterprise Monitor 3.3.6 Oracle Mysql Enterprise Monitor 3.3.7 Oracle Mysql Enterprise Monitor 3.3.8 Oracle Mysql Enterprise Monitor 3.3.9 Oracle Mysql Enterprise Monitor 3.4.0 Oracle Mysql Enterprise Monitor 3.4.1 Oracle Mysql Enterprise Monitor 3.4.2 Oracle Mysql Enterprise Monitor 3.4.2.4181 Oracle Mysql Enterprise Monitor 3.4.3 Oracle Mysql Enterprise Monitor 3.4.4 Oracle Mysql Enterprise Monitor 3.4.5 Oracle Mysql Enterprise Monitor 3.4.6 Oracle Mysql Enterprise Monitor 3.4.7 Oracle Mysql Enterprise Monitor 3.4.7.4297 Oracle Mysql Enterprise Monitor 3.4.8 Oracle Mysql Enterprise Monitor 3.4.9 Oracle Mysql Enterprise Monitor 3.4.9.4237 Oracle Mysql Enterprise Monitor 3.4.10 Oracle Mysql Enterprise Monitor 4.0.0 Oracle Mysql Enterprise Monitor 4.0.1 Oracle Mysql Enterprise Monitor 4.0.2 Oracle Mysql Enterprise Monitor 4.0.3 Oracle Mysql Enterprise Monitor 4.0.4 Oracle Mysql Enterprise Monitor 4.0.4.5235 Oracle Mysql Enterprise Monitor 4.0.5 Oracle Mysql Enterprise Monitor 4.0.6 Oracle Mysql Enterprise Monitor 4.0.6.5281 Oracle Mysql Enterprise Monitor 4.0.7 Oracle Mysql Enterprise Monitor 4.0.8 Oracle Mysql Enterprise Monitor 4.0.11.5331 Oracle Mysql Enterprise Monitor 4.0.12 Oracle Mysql Enterprise Monitor 4.1 Oracle Mysql Enterprise Monitor 8.0.0 Oracle Mysql Enterprise Monitor 8.0.0.8131 Oracle Mysql Enterprise Monitor 8.0.1 Oracle Mysql Enterprise Monitor 8.0.2 Oracle Mysql Enterprise Monitor 8.0.2.8191 Oracle Mysql Enterprise Monitor 8.0.3 Oracle Mysql Enterprise Monitor 8.0.14 Oracle Mysql Enterprise Monitor 8.0.18.1217 Oracle Mysql Enterprise Monitor 8.0.20 Oracle Mysql Enterprise Monitor 8.0.21 Oracle Mysql Enterprise Monitor 8.0.22 Oracle Mysql Enterprise Monitor 8.0.23 Oracle Mysql Enterprise Monitor 8.0.25 Oracle Hyperion Infrastructure Technology 11.1.2.4 Oracle Hyperion Infrastructure Technology 11.1.2.6.0 Oracle Hyperion Infrastructure Technology 11.2.5.0 Oracle Hyperion Infrastructure Technology 11.2.6.0 Oracle Hyperion Infrastructure Technology 11.2.7.0 Oracle Tuxedo 12.2.2.0.0 Oracle E Business Suite Cloud Manager AND Cloud Backup Module * Oracle E Business Suite Cloud Manager AND Cloud Backup Module 2.2.1.1.1 Oracle Communications Offline Mediation Controller 12.0.0.5.0 Oracle Communications Offline Mediation Controller 12.0.0.3 Oracle Communications Offline Mediation Controller 12.0.0.3.0	124

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References