CVE-2022-23307

Published Jan 18, 2022

Last updated 16 days ago

CVSS high 8.8

Overview

Description: CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
Source: security@apache.org
NVD status: Modified
Products: chainsaw, log4j, reload4j, advanced_supply_chain_planning, business_intelligence, business_process_management_suite, communications_eagle_ftp_table_base_retrieval, communications_instant_messaging_server, communications_messaging_server, communications_network_integrity, communications_offline_mediation_controller, communications_unified_inventory_management, e-business_suite_cloud_manager_and_cloud_backup_module, enterprise_manager_base_platform, financial_services_revenue_management_and_billing_analytics, healthcare_foundation, hyperion_data_relationship_management, hyperion_infrastructure_technology, identity_management_suite, identity_manager_connector, jdeveloper, middleware_common_libraries_and_tools, mysql_enterprise_monitor, retail_extract_transform_and_load, tuxedo, weblogic_server

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9
Impact score: 10
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

security@apache.org: CWE-502
nvd@nist.gov: CWE-502

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:chainsaw:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "4A0D9BED-411E-4E62-A281-237D3C90FFEB",
            "versionEndExcluding": "2.1.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "56EF3EFE-3632-4CDD-90EF-D2E614E05886",
            "versionEndExcluding": "2.0",
            "versionStartIncluding": "1.2",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "EB681829-2B2A-4BDB-8DC5-B3C7D359F4C5",
            "versionEndExcluding": "1.2.18.1",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "A62E2A25-1AD7-4B4B-9D1B-F0DEA4550557",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "0331158C-BBE0-42DB-8180-EB1FCD290567",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "B602F9E8-1580-436C-A26D-6E6F8121A583",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*",
            "matchCriteriaId": "C68536CA-C7E2-4228-A6B8-F0DB6A9D29EC",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "C4A94B36-479F-48F2-9B9E-ACEA2589EF48",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "E1214FDF-357A-4BB9-BADE-50FB2BD16D10",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
            "matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "61A2E42A-4EF2-437D-A0EC-4A6A4F1EBD11",
            "versionEndExcluding": "12.0.0.4.4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "5933FEA2-B79E-4EE7-B821-54D676B45734",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "86EF205C-9CB1-4772-94D1-0B744EF3342D",
            "versionEndExcluding": "2.2.1.1.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "6ED0EE39-C080-4E75-AE0F-3859B57EF851",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "6E8758C8-87D3-450A-878B-86CE8C9FC140",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "054B56E0-F11B-4939-B7E1-E722C67A041A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "250A493C-E052-4978-ABBE-786DC8038448",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "2E2B771B-230A-4811-94D7-065C2722E428",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "E67501BE-206A-49FD-8CBA-22935DF917F1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "E8E7FBA9-0FFF-4C86-B151-28C17A142E0B",
            "versionEndExcluding": "11.2.8.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "55BBCD48-BCC6-4E19-A4CE-970E524B9FF4",
            "versionEndExcluding": "11.2.8.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "1489DDA7-EDBE-404C-B48D-F0B52B741708",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "535BC19C-21A1-48E3-8CC0-B276BA5D494E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "9D7EA92D-9F26-4292-991A-891597337DFD",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "9AB179A8-DFB7-4DCF-8DE3-096F376989F1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747",
            "versionEndIncluding": "8.0.29",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*",
            "matchCriteriaId": "30501D23-5044-477A-8DC3-7610126AEFD7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "EB7D0A30-3986-49AB-B7F3-DAE0024504BA",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

Related CVEs

References