Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2022-23307

CVE information

Published

2 years ago

Last Modified

1 year ago

CVSSv2.0 Severity

High

CVSSv3.1 Severity

High

Impact Analysis

Description

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists..

CVSSv2.0 Score

Severity
High
Base Score
9/10
Exploit Score
8/10
Access Vector
Network
Access Complexity
Low
Authentication Required
Single
Impact Score
10/10
Confidentiality Impact
Complete
Availability Impact
Complete
Integrity Impact
Complete

CVSSv3.1 Score

Severity
High
Base Score
8.8/10
Exploit Score
2.8/10
Access Vector
Network
Access Complexity
Low
Privileges Required
Low
Impact Score
5.9/10
Confidentiality Impact
High
Availability Impact
High
Integrity Impact
High
Scope
Unchanged
User Interaction
None

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:apache:chainsaw:*:*:*:*:*:*:*:*
  Yes
- 2.1.0
cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
  Yes
1.2 2.0
cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:*
  Yes
- 1.2.18.1
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:ente
  Yes
- -
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.
  Yes
- -
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:
  Yes
- -
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:ente
  Yes
- -
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*
  Yes
- -
cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:
  Yes
- -
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.
  Yes
- -
cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:communications_unified_inventory_management
  Yes
- -
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*
  Yes
- -
cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enter
  Yes
- -
cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retriev
  Yes
- -
cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:
  Yes
- -
cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*
  Yes
- -
cpe:2.3:a:oracle:communications_unified_inventory_management
  Yes
- -
cpe:2.3:a:oracle:communications_instant_messaging_server:10.
  Yes
- -
cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.
  Yes
- -
cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:
  Yes
- -
cpe:2.3:a:oracle:financial_services_revenue_management_and_b
  Yes
- -
cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*
  Yes
- 11.2.8.0
cpe:2.3:a:oracle:financial_services_revenue_management_and_b
  Yes
- -
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:
  Yes
- 11.2.8.0
cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_ba
  Yes
- 2.2.1.1.1
cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_ba
  Yes
- -
cpe:2.3:a:oracle:financial_services_revenue_management_and_b
  Yes
- -
cpe:2.3:a:oracle:communications_offline_mediation_controller
  Yes
- -
cpe:2.3:a:oracle:communications_offline_mediation_controller
  Yes
- 12.0.0.4.4