Strix
26.1K

CVE-2022-23307

HIGHCVSS 8.8/10EPSS 52.46%

Last modified

CVE-2022-23307 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.. EPSS estimates a 52.46% chance of exploitation in the next 30 days.

Description

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

Metrics

CVSS 3.1
8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
52.46%

98.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
ApacheChainsaw< 2.1.0
ApacheLog4j>= 1.2, < 2.0
QosReload4j< 1.2.18.1
OracleAdvanced Supply Chain Planning12.1
OracleAdvanced Supply Chain Planning12.2
OracleBusiness Intelligence5.9.0.0.0
OracleBusiness Intelligence12.2.1.3.0
OracleBusiness Intelligence12.2.1.4.0
OracleBusiness Process Management Suite12.2.1.3.0
OracleBusiness Process Management Suite12.2.1.4.0
OracleCommunications Eagle Ftp Table Base Retrieval4.5
OracleCommunications Instant Messaging Server10.0.1.5.0
OracleCommunications Messaging Server8.1
OracleCommunications Network Integrity7.3.6
OracleCommunications Offline Mediation Controller< 12.0.0.4.4
OracleCommunications Offline Mediation Controller12.0.0.5.0
OracleCommunications Unified Inventory Management7.4.1
OracleCommunications Unified Inventory Management7.4.2
OracleE-Business Suite Cloud Manager And Cloud Backup Module< 2.2.1.1.1
OracleE-Business Suite Cloud Manager And Cloud Backup Module2.2.1.1.1
OracleEnterprise Manager Base Platform13.4.0.0
OracleEnterprise Manager Base Platform13.5.0.0
OracleFinancial Services Revenue Management And Billing Analytics2.7.0.0
OracleFinancial Services Revenue Management And Billing Analytics2.7.0.1
OracleFinancial Services Revenue Management And Billing Analytics2.8.0.0
OracleHealthcare Foundation8.1.0
OracleHyperion Data Relationship Management< 11.2.8.0
OracleHyperion Infrastructure Technology< 11.2.8.0
OracleIdentity Management Suite12.2.1.3.0
OracleIdentity Management Suite12.2.1.4.0
OracleIdentity Manager Connector11.1.1.5.0
OracleJdeveloper12.2.1.3.0
OracleMiddleware Common Libraries And Tools12.2.1.4.0
OracleMysql Enterprise Monitor<= 8.0.29
OracleRetail Extract Transform And Load13.2.5
OracleTuxedo12.2.2.0.0
OracleWeblogic Server12.2.1.3.0
OracleWeblogic Server12.2.1.4.0
OracleWeblogic Server14.1.1.0.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-23307?
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
How severe is CVE-2022-23307?
CVE-2022-23307 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 52.46% probability of exploitation in the next 30 days.
How do I fix CVE-2022-23307?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-23307?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST