Lucene search
ApacheCVELIST:CVE-2022-23307HistoryJan 18, 2022 - 3:25 p.m.
CVE-2022-23307 A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution.
2022-01-1815:25:23
CWE-502
apache
www.cve.org
1
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
CNA Affected
[
{
"product": "Apache Log4j 1.x",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.2.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.0-alpha1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
f5
f5
K00322972 : Apache Log4j Chainsaw vulnerability CVE-2022-23307
2022-01-31 00:00:00
K34002344 : Overview of Log4j vulnerabilities (2021 and 2022)
2022-02-01 00:00:00
osv
osv
CVE-2022-23307
2022-01-18 16:15:08
Deserialization of Untrusted Data in Apache Log4j
2022-01-19 00:01:15
CVE-2020-9493
2021-06-16 08:15:06
debiancve
debiancve
CVE-2022-23307
2022-01-18 16:15:08
nvd
nvd
CVE-2022-23307
2022-01-18 16:15:08
CVE-2020-9493
2021-06-16 08:15:06
github
github
Deserialization of Untrusted Data in Apache Log4j
2022-01-19 00:01:15
cve
cve
CVE-2022-23307
2022-01-18 16:15:08
CVE-2020-9493
2021-06-16 08:15:06
ubuntucve
ubuntucve
CVE-2022-23307
2022-01-18 00:00:00
prion
prion
Deserialization of untrusted data
2022-01-18 16:15:00
Deserialization of untrusted data
2021-06-16 08:15:00
ibm
ibm
atlassian
atlassian
Update Log4j to 1.2.17-atlassian-16 to fix CVE-2022-23305, CVE-2022-23307, CVE-2020-9493, CVE-2022-23302
2022-07-04 12:01:19
Update Log4j to 1.2.17-atlassian-16 to fix CVE-2022-23305, CVE-2022-23307, CVE-2020-9493, CVE-2022-23302
2022-07-04 12:01:21
Bamboo: Multiple vulnerabilities in log4j < 1.2.17-atlassian-16
2022-03-31 12:45:19
openvas
openvas
Huawei EulerOS: Security Advisory for log4j (EulerOS-SA-2022-1744)
2022-05-25 00:00:00
cvelist
cvelist
CVE-2020-9493 Java deserialization in Chainsaw
2021-06-16 07:30:11
nessus
nessus
openSUSE 15 Security Update : log4j (openSUSE-SU-2022:0214-1)
2022-01-28 00:00:00
openSUSE 15 Security Update : log4j12 (openSUSE-SU-2022:0226-1)
2022-01-29 00:00:00
Amazon Linux 2 : log4j (ALAS-2022-1750)
2022-02-21 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2022-01-19 04:24:50
redhatcve
redhatcve
CVE-2022-23307
2022-01-18 16:16:31
cnvd
cnvd
Apache log4j Chainsaw deserialization code execution vulnerability
2022-01-20 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2022-23307, CVE-2022-23302
2022-02-10 13:49:32
oraclelinux
oraclelinux
log4j security update
2022-02-08 00:00:00
parfait:0.5 security update
2022-01-27 00:00:00
log4j security update
2022-05-23 00:00:00
suse
suse
Security update for log4j (important)
2022-01-27 00:00:00
Security update for log4j12 (important)
2022-01-28 00:00:00
Security update for kafka (important)
2022-02-16 00:00:00
redhat
redhat
(RHSA-2022:0442) Important: log4j security update
2022-02-07 09:41:50
(RHSA-2022:0439) Important: rh-maven36-log4j12 security update
2022-02-03 18:49:50
(RHSA-2022:0294) Important: parfait:0.5 security update
2022-01-26 14:34:09
centos
centos
log4j security update
2022-02-07 16:47:44
amazon
amazon
Important: log4j
2023-03-30 22:50:00
Important: log4j
2022-02-15 22:54:00
ubuntu
ubuntu
Apache Log4j vulnerabilities
2023-04-05 00:00:00
almalinux
almalinux
Important: parfait:0.5 security update
2022-01-26 14:27:19
rocky
rocky
parfait:0.5 security update
2022-01-26 14:27:19
debian
debian
[SECURITY] [DLA 2905-1] apache-log4j1.2 security update
2022-01-31 14:24:44
gentoo
gentoo
Apache Log4j: Multiple Vulnerabilities
2024-02-18 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00