Lucene search

[email protected]NVD:CVE-2022-23307

HistoryJan 18, 2022 - 4:15 p.m.

CVE-2022-23307

2022-01-1816:15:08

CWE-502

[email protected]

web.nvd.nist.gov

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.018 Low

EPSS

Percentile

88.4%

JSON

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

Affected configurations

NVD

Node

apachechainsawRange<2.1.0

apachelog4jRange1.2–2.0

Node

qosreload4jRange<1.2.18.1

Node

oracleadvanced_supply_chain_planningMatch12.1

oracleadvanced_supply_chain_planningMatch12.2

oraclebusiness_intelligenceMatch5.9.0.0.0enterprise

oraclebusiness_intelligenceMatch12.2.1.3.0enterprise

oraclebusiness_intelligenceMatch12.2.1.4.0enterprise

oraclebusiness_process_management_suiteMatch12.2.1.3.0

oraclebusiness_process_management_suiteMatch12.2.1.4.0

oraclecommunications_eagle_ftp_table_base_retrievalMatch4.5

oraclecommunications_instant_messaging_serverMatch10.0.1.5.0

oraclecommunications_messaging_serverMatch8.1

oraclecommunications_network_integrityMatch7.3.6

oraclecommunications_offline_mediation_controllerRange<12.0.0.4.4

oraclecommunications_offline_mediation_controllerMatch12.0.0.5.0

oraclecommunications_unified_inventory_managementMatch7.4.1

oraclecommunications_unified_inventory_managementMatch7.4.2

oraclee-business_suite_cloud_manager_and_cloud_backup_moduleRange<2.2.1.1.1

oraclee-business_suite_cloud_manager_and_cloud_backup_moduleMatch2.2.1.1.1

oracleenterprise_manager_base_platformMatch13.4.0.0

oracleenterprise_manager_base_platformMatch13.5.0.0

oraclefinancial_services_revenue_management_and_billing_analyticsMatch2.7.0.0

oraclefinancial_services_revenue_management_and_billing_analyticsMatch2.7.0.1

oraclefinancial_services_revenue_management_and_billing_analyticsMatch2.8.0.0

oraclehealthcare_foundationMatch8.1.0

oraclehyperion_data_relationship_managementRange<11.2.8.0

oraclehyperion_infrastructure_technologyRange<11.2.8.0

oracleidentity_management_suiteMatch12.2.1.3.0

oracleidentity_management_suiteMatch12.2.1.4.0

oracleidentity_manager_connectorMatch11.1.1.5.0

oraclejdeveloperMatch12.2.1.3.0

oraclemiddleware_common_libraries_and_toolsMatch12.2.1.4.0

oraclemysql_enterprise_monitorRange≤8.0.29

oracleretail_extract_transform_and_loadMatch13.2.5

oracletuxedoMatch12.2.2.0.0

oracleweblogic_serverMatch12.2.1.3.0

oracleweblogic_serverMatch12.2.1.4.0

oracleweblogic_serverMatch14.1.1.0.0

References

lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh

logging.apache.org/log4j/1.2/index.html

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpujul2022.html

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.018 Low

EPSS

Percentile

88.4%

JSON

Related for NVD:CVE-2022-23307