CVE-2022-23307 vulnerability in Apache and Other Products
Published on January 18, 2022

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

NVD

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2022-23307 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.

Products Associated with CVE-2022-23307

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-23307 are published in these products:

Apache Chainsaw

Apache Log4j

Qos Reload4j

Oracle Weblogic Server

Oracle Business Intelligence

Oracle Business Process Management Suite

Oracle Jdeveloper

Oracle Identity Management Suite

Oracle Enterprise Manager Base Platform

Oracle Communications Network Integrity

Oracle Advanced Supply Chain Planning

Oracle Communications Eagle Ftp Table Base Retrieval

Oracle Communications Messaging Server

Oracle Communications Unified Inventory Management

Oracle E Business Suite Cloud Manager Cloud Backup Module

Oracle Financial Services Revenue Management Billing Analytics

Oracle Healthcare Foundation

Oracle Hyperion Data Relationship Management

Oracle Hyperion Infrastructure Technology

Oracle Identity Manager Connector

Oracle Middleware Common Libraries Tools

Oracle Mysql Enterprise Monitor

Oracle Tuxedo

Oracle Retail Extract Transform Load

Oracle Communications Instant Messaging Server

Oracle Communications Offline Mediation Controller

Canonical Ubuntu Linux

Oracle

Affected Versions

Apache Software Foundation Apache Log4j 1.x:

Version 1.2.1 and below unspecified is affected.
Version unspecified, <= 2.0-alpha1 is affected.

Exploit Probability

EPSS

1.80%

Percentile

82.35%