CVE-2022-23307
Description
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.804
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Log4j Vulnerability(CVE-2022-23307) | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.3.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.4.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 14.1.1.0.0 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 11.0.0.15 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 12.0.3.0 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 11.0.0.16 | Windows |
| Vulnerabilities CVE-2022-23305,CVE-2022-23307,CVE-2022-23302 are affected in Apache-log4j 1.2.17 | Windows |
| Vulnerabilities CVE-2022-23305,CVE-2022-23307,CVE-2021-4104,CVE-2022-23302 are affected in Zenframework - log4j-1.2.17 2.0 | Windows |
| (RHSA-2022:0290) parfait:0.5 security update parfait-0.5.4-4.module+el8.5.0+13988+de2b8c0b.noarch.rpm | Linux |
| (RHSA-2022:0290) parfait:0.5 security update parfait-examples-0.5.4-4.module+el8.5.0+13988+de2b8c0b.noarch.rpm | Linux |
| (RHSA-2022:0290) parfait:0.5 security update parfait-javadoc-0.5.4-4.module+el8.5.0+13988+de2b8c0b.noarch.rpm | Linux |
| (RHSA-2022:0290) parfait:0.5 security update pcp-parfait-agent-0.5.4-4.module+el8.5.0+13988+de2b8c0b.noarch.rpm | Linux |
| (RHSA-2022:0290) parfait:0.5 security update si-units-javadoc-0.6.5-2.module+el8+2463+615f6896.noarch.rpm | Linux |
| (RHSA-2022:0290) parfait:0.5 security update unit-api-javadoc-1.0-5.module+el8+2463+615f6896.noarch.rpm | Linux |
| (RHSA-2022:0290) parfait:0.5 security update uom-lib-javadoc-1.0.1-6.module+el8+2463+615f6896.noarch.rpm | Linux |
| (RHSA-2022:0290) parfait:0.5 security update uom-parent-1.0.3-3.module+el8+2463+615f6896.noarch.rpm | Linux |
| (RHSA-2022:0290) parfait:0.5 security update uom-se-javadoc-1.0.4-3.module+el8+2463+615f6896.noarch.rpm | Linux |
| (RHSA-2022:0290) parfait:0.5 security update uom-systems-javadoc-0.7-1.module+el8+2463+615f6896.noarch.rpm | Linux |
| SUSE-SU-2022:0212-1(SUSE Linux Enterprise Server 12-SP5 ) log4j-1.2.15-126.9.1.noarch.rpm | Linux |
| Parfait update (ELSA-2022-0290) parfait-0.5.4-4.module+el8.5.0+20480+407d1823.noarch.rpm | Linux |
| Parfait-examples update (ELSA-2022-0290) parfait-examples-0.5.4-4.module+el8.5.0+20480+407d1823.noarch.rpm | Linux |
| Parfait-javadoc update (ELSA-2022-0290) parfait-javadoc-0.5.4-4.module+el8.5.0+20480+407d1823.noarch.rpm | Linux |
| Pcp-parfait-agent update (ELSA-2022-0290) pcp-parfait-agent-0.5.4-4.module+el8.5.0+20480+407d1823.noarch.rpm | Linux |
| Si-units update (ELSA-2022-0290) si-units-0.6.5-2.module+el8+5163+abb6ece5.noarch.rpm | Linux |
| Si-units-javadoc update (ELSA-2022-0290) si-units-javadoc-0.6.5-2.module+el8+5163+abb6ece5.noarch.rpm | Linux |
| Unit-api update (ELSA-2022-0290) unit-api-1.0-5.module+el8+5163+abb6ece5.noarch.rpm | Linux |
| Unit-api-javadoc update (ELSA-2022-0290) unit-api-javadoc-1.0-5.module+el8+5163+abb6ece5.noarch.rpm | Linux |
| Uom-lib update (ELSA-2022-0290) uom-lib-1.0.1-6.module+el8+5163+abb6ece5.noarch.rpm | Linux |
| Uom-lib-javadoc update (ELSA-2022-0290) uom-lib-javadoc-1.0.1-6.module+el8+5163+abb6ece5.noarch.rpm | Linux |
| Uom-parent update (ELSA-2022-0290) uom-parent-1.0.3-3.module+el8+5163+abb6ece5.noarch.rpm | Linux |
| Uom-se update (ELSA-2022-0290) uom-se-1.0.4-3.module+el8+5163+abb6ece5.noarch.rpm | Linux |
| Uom-se-javadoc update (ELSA-2022-0290) uom-se-javadoc-1.0.4-3.module+el8+5163+abb6ece5.noarch.rpm | Linux |
| Uom-systems update (ELSA-2022-0290) uom-systems-0.7-1.module+el8+5163+abb6ece5.noarch.rpm | Linux |
| Uom-systems-javadoc update (ELSA-2022-0290) uom-systems-javadoc-0.7-1.module+el8+5163+abb6ece5.noarch.rpm | Linux |
| (RHSA-2022:0442) log4j security update log4j-1.2.17-18.el7_4.noarch.rpm | Linux |
| (RHSA-2022:0442) log4j security update log4j-javadoc-1.2.17-18.el7_4.noarch.rpm | Linux |
| (RHSA-2022:0442) log4j security update log4j-manual-1.2.17-18.el7_4.noarch.rpm | Linux |
| Log4j update (ELSA-2022-0442) log4j-1.2.17-18.el7_4.noarch.rpm | Linux |
| Log4j-javadoc update (ELSA-2022-0442) log4j-javadoc-1.2.17-18.el7_4.noarch.rpm | Linux |
| Log4j-manual update (ELSA-2022-0442) log4j-manual-1.2.17-18.el7_4.noarch.rpm | Linux |
| Java-based open-source logging tool (USN-5998-1) liblog4j1.2-java_1.2.17-9ubuntu0.2_all.deb | Linux |
| Java-based open-source logging tool (USN-5998-1) liblog4j1.2-java_1.2.17-8+deb10u1ubuntu0.2_all.deb | Linux |
| (RHSA-2022:0290)Important: security update si-units-0.6.5-2.module+el8+2463+615f6896.noarch.rpm | Linux |
| (RHSA-2022:0290)Important: security update unit-api-1.0-5.module+el8+2463+615f6896.noarch.rpm | Linux |
| (RHSA-2022:0290)Important: security update uom-lib-1.0.1-6.module+el8+2463+615f6896.noarch.rpm | Linux |
| (RHSA-2022:0290)Important: security update uom-se-1.0.4-3.module+el8+2463+615f6896.noarch.rpm | Linux |
| (RHSA-2022:0290)Important: security update uom-systems-0.7-1.module+el8+2463+615f6896.noarch.rpm | Linux |
| parfait:0.5 security update (RLSA-2022:0290) uom-se-1.0.4-3.module+el8.3.0+214+edf13b3f.noarch.rpm | Linux |
| parfait:0.5 security update (RLSA-2022:0290) parfait-0.5.4-4.module+el8.5.0+728+553fbdb8.noarch.rpm | Linux |
| parfait:0.5 security update (RLSA-2022:0290) uom-lib-1.0.1-6.module+el8.3.0+214+edf13b3f.noarch.rpm | Linux |
| parfait:0.5 security update (RLSA-2022:0290) si-units-0.6.5-2.module+el8.3.0+214+edf13b3f.noarch.rpm | Linux |
| parfait:0.5 security update (RLSA-2022:0290) unit-api-1.0-5.module+el8.3.0+214+edf13b3f.noarch.rpm | Linux |
| parfait:0.5 security update (RLSA-2022:0290) uom-parent-1.0.3-3.module+el8.3.0+214+edf13b3f.noarch.rpm | Linux |
| parfait:0.5 security update (RLSA-2022:0290) uom-systems-0.7-1.module+el8.3.0+214+edf13b3f.noarch.rpm | Linux |
| parfait:0.5 security update (RLSA-2022:0290) uom-se-javadoc-1.0.4-3.module+el8.3.0+214+edf13b3f.noarch.rpm | Linux |
| parfait:0.5 security update (RLSA-2022:0290) parfait-javadoc-0.5.4-4.module+el8.5.0+728+553fbdb8.noarch.rpm | Linux |
| parfait:0.5 security update (RLSA-2022:0290) uom-lib-javadoc-1.0.1-6.module+el8.3.0+214+edf13b3f.noarch.rpm | Linux |
| parfait:0.5 security update (RLSA-2022:0290) parfait-examples-0.5.4-4.module+el8.5.0+728+553fbdb8.noarch.rpm | Linux |
| parfait:0.5 security update (RLSA-2022:0290) si-units-javadoc-0.6.5-2.module+el8.3.0+214+edf13b3f.noarch.rpm | Linux |
| parfait:0.5 security update (RLSA-2022:0290) unit-api-javadoc-1.0-5.module+el8.3.0+214+edf13b3f.noarch.rpm | Linux |
| parfait:0.5 security update (RLSA-2022:0290) pcp-parfait-agent-0.5.4-4.module+el8.5.0+728+553fbdb8.noarch.rpm | Linux |
| parfait:0.5 security update (RLSA-2022:0290) uom-systems-javadoc-0.7-1.module+el8.3.0+214+edf13b3f.noarch.rpm | Linux |
| log4j Security Update (ALAS-2022-1750) log4j-1.2.17-18.amzn2.noarch.rpm | Linux |
| log4j Security Update (ALAS-2022-1750) log4j-manual-1.2.17-18.amzn2.noarch.rpm | Linux |
| log4j Security Update (ALAS-2022-1750) log4j-javadoc-1.2.17-18.amzn2.noarch.rpm | Linux |
| Important: parfait:0.5 security update unit-api-1.0-5.module_el8.5.0+2610+de2b8c0b.noarch.rpm | Linux |
| Important: parfait:0.5 security update unit-api-javadoc-1.0-5.module_el8.5.0+2610+de2b8c0b.noarch.rpm | Linux |
| Important: parfait:0.5 security update uom-lib-1.0.1-6.module_el8.5.0+2610+de2b8c0b.noarch.rpm | Linux |
| Important: parfait:0.5 security update uom-lib-javadoc-1.0.1-6.module_el8.5.0+2610+de2b8c0b.noarch.rpm | Linux |
| Important: parfait:0.5 security update uom-parent-1.0.3-3.module_el8.5.0+2610+de2b8c0b.noarch.rpm | Linux |
| Important: parfait:0.5 security update uom-se-1.0.4-3.module_el8.5.0+2610+de2b8c0b.noarch.rpm | Linux |
| Important: parfait:0.5 security update uom-se-javadoc-1.0.4-3.module_el8.5.0+2610+de2b8c0b.noarch.rpm | Linux |
| Important: parfait:0.5 security update uom-systems-0.7-1.module_el8.5.0+2610+de2b8c0b.noarch.rpm | Linux |
| Important: parfait:0.5 security update uom-systems-javadoc-0.7-1.module_el8.5.0+2610+de2b8c0b.noarch.rpm | Linux |
| Important: parfait:0.5 security update si-units-0.6.5-2.module_el8.5.0+2610+de2b8c0b.noarch.rpm | Linux |
| Important: parfait:0.5 security update si-units-javadoc-0.6.5-2.module_el8.5.0+2610+de2b8c0b.noarch.rpm | Linux |
| Important: parfait:0.5 security update parfait-0.5.4-4.module_el8.5.0+2610+de2b8c0b.noarch.rpm | Linux |
| Important: parfait:0.5 security update parfait-examples-0.5.4-4.module_el8.5.0+2610+de2b8c0b.noarch.rpm | Linux |
| Important: parfait:0.5 security update parfait-javadoc-0.5.4-4.module_el8.5.0+2610+de2b8c0b.noarch.rpm | Linux |
| Important: parfait:0.5 security update pcp-parfait-agent-0.5.4-4.module_el8.5.0+2610+de2b8c0b.noarch.rpm | Linux |
| Vulnerabilities CVE-2022-23305,CVE-2022-23307,CVE-2022-23302 are affected in Apache-log4j for Linux 1.2.17 | Linux |
| Vulnerabilities CVE-2022-23305,CVE-2022-23307,CVE-2021-4104,CVE-2022-23302 are affected in Zenframework - log4j-1.2.17 for Linux 2.0 | Linux |
| Deserialization of Untrusted Data Vulnerability (CVE-2022-23307) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234