CVE-2022-23307

high Apache
CVSS v3 Base Score
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
2.6%
Exploitation probability in 30 days
Top 14% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Confidentiality
High
Integrity
High
Availability
High
Published: January 18, 2022 (1634 days ago)
Last Modified: May 22, 2026
Vendor: Apache
Source: NVD

Description

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

CWE

CWE-502

Affected Products

apache chainsawapache log4jqos reload4joracle advanced supply chain planningoracle business intelligenceoracle business process management suiteoracle communications eagle ftp table base retrievaloracle communications instant messaging serveroracle communications messaging serveroracle communications network integrity

References