CVE-2022-23307

Summary

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Log4j 1.x1.2.1 < unspecifiedaffected
Apache Software FoundationApache Log4j 1.xunspecified <= 2.0-alpha1affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

Workarounds

Upgrade to Apache Log4j 2 and Apache Chainsaw 2.1.0.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References