CVE-2022-23307 in Apache and Qos Products
Published on January 18, 2022

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2022-23307 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2022-23307 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.

Products Associated with CVE-2022-23307

You can be notified by stack.watch whenever vulnerabilities like CVE-2022-23307 are published in these products:

Apache Chainsaw

Apache Log4j

Qos Reload4j

What versions are vulnerable to CVE-2022-23307?

Apache Chainsaw Fixed in Version 2.1.0
Apache Log4j Version 1.2 Fixed in Version 2.0

Qos Reload4j Fixed in Version 1.2.18.1

CVE-2022-23307 in Apache and Qos ProductsPublished on January 18, 2022

Vulnerability Analysis

What is a Marshaling, Unmarshaling Vulnerability?

Products Associated with CVE-2022-23307

What versions are vulnerable to CVE-2022-23307?

CVE-2022-23307 in Apache and Qos Products
Published on January 18, 2022