Is CVE-2022-23307 actively exploited?

CVE-2022-23307 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2022-23307?

CVE-2022-23307 has a CVSS score of 8.8 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2022-23307?

Patch guidance is available from apache security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2022-23307.

Fix CVE-2022-23307 - HIGH apache chainsaw

Q: Which products are affected by CVE-2022-23307?

39 products: apache chainsaw, apache log4j, qos reload4j, oracle advanced supply chain planning, oracle advanced supply chain planning, and 34 more.

Description

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-502 · Insecure Deserialization CWE-502 · Insecure Deserialization

Metadata

Primary Vendor: APACHE
Published: 1/18/2022
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

apache : chainsawapache : log4jqos : reload4joracle : advanced_supply_chain_planningoracle : advanced_supply_chain_planningoracle : business_intelligenceoracle : business_intelligenceoracle : business_intelligenceoracle : business_process_management_suiteoracle : business_process_management_suiteoracle : communications_eagle_ftp_table_base_retrievaloracle : communications_instant_messaging_serveroracle : communications_messaging_serveroracle : communications_network_integrityoracle : communications_offline_mediation_controlleroracle : communications_offline_mediation_controlleroracle : communications_unified_inventory_managementoracle : communications_unified_inventory_managementoracle : e-business_suite_cloud_manager_and_cloud_backup_moduleoracle : e-business_suite_cloud_manager_and_cloud_backup_moduleoracle : enterprise_manager_base_platformoracle : enterprise_manager_base_platformoracle : financial_services_revenue_management_and_billing_analyticsoracle : financial_services_revenue_management_and_billing_analyticsoracle : financial_services_revenue_management_and_billing_analyticsoracle : healthcare_foundationoracle : hyperion_data_relationship_managementoracle : hyperion_infrastructure_technologyoracle : identity_management_suiteoracle : identity_management_suiteoracle : identity_manager_connectororacle : jdeveloperoracle : middleware_common_libraries_and_toolsoracle : mysql_enterprise_monitororacle : retail_extract_transform_and_loadoracle : tuxedooracle : weblogic_serveroracle : weblogic_serveroracle : weblogic_server

Remediation Guidance

Executive Summary

View on NIST NVD