CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

Users are advised to migrate from log4j:log4j to org.apache.logging.log4j:log4j for an updated version of the library.

References

lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh

logging.apache.org/log4j/1.2/index.html

nvd.nist.gov/vuln/detail/CVE-2022-23307

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpujul2022.html

debiancve 1

osv 7

nvd 2

f5 2

github 1

ibm 36

cvelist 2

cve 2

ubuntucve 1

prion 2

atlassian 8

openvas 13

nessus 43

veracode 1

redhatcve 1

cnvd 1

cloudlinux 1

suse 4

redhat 34

amazon 2

oraclelinux 3

centos 1

gentoo 1

ubuntu 1

almalinux 1

rocky 1

debian 1

githubexploit 4

oracle 7

debiancve

CVE-2022-23307

2022-01-18 16:15:08

osv

CVE-2022-23307

2022-01-18 16:15:08

CVE-2020-9493

2021-06-16 08:15:06

kafka-kit-2.1.0-3.1 on GA media

2024-06-15 00:00:00

nvd

CVE-2022-23307

2022-01-18 16:15:08

CVE-2020-9493

2021-06-16 08:15:06

K00322972 : Apache Log4j Chainsaw vulnerability CVE-2022-23307

2022-01-31 00:00:00

K34002344 : Overview of Log4j vulnerabilities (2021 and 2022)

2022-02-01 00:00:00

github

Deserialization of Untrusted Data in Apache Log4j

2022-01-19 00:01:15

ibm

Security Bulletin: Multiple vulnerabilities in IBM Security Verify Information Queue connect image (CVE-2020-9493, CVE-2022-23307)

2022-07-20 19:22:28

Security Bulletin: IBM WebSphere eXtreme Scale is vulnerable to arbitrary code execution due to Apache Log4j v1.x (CVE-2022-23307)

2022-03-22 10:34:13

Security Bulletin: IBM App Connect for Healthcare is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2022-23307)

2022-02-16 12:04:32

cvelist

CVE-2022-23307 A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution.

2022-01-18 15:25:23

CVE-2020-9493 Java deserialization in Chainsaw

2021-06-16 07:30:11

cve

CVE-2022-23307

2022-01-18 16:15:08

CVE-2020-9493

2021-06-16 08:15:06

ubuntucve

CVE-2022-23307

2022-01-18 00:00:00

prion

Deserialization of untrusted data

2022-01-18 16:15:00

Deserialization of untrusted data

2021-06-16 08:15:00

atlassian

Update Log4j to 1.2.17-atlassian-16 to fix CVE-2022-23305, CVE-2022-23307, CVE-2020-9493, CVE-2022-23302

2022-07-04 12:01:19

Update Log4j to 1.2.17-atlassian-16 to fix CVE-2022-23305, CVE-2022-23307, CVE-2020-9493, CVE-2022-23302

2022-07-04 12:01:21

Bamboo remote agent: Multiple vulnerabilities in log4j < 1.2.7-atlassian-16

2022-03-31 12:45:26

openvas

Apache Log4j 1.x Multiple Vulnerabilities (Linux/Unix, Jan 2022) - Version Check

2022-01-18 00:00:00

Apache Log4j 1.x Multiple Vulnerabilities (Windows, Jan 2022) - Version Check

2022-01-18 00:00:00

Huawei EulerOS: Security Advisory for log4j (EulerOS-SA-2022-1330)

2022-03-21 00:00:00

nessus

Amazon Linux 2 : log4j (ALAS-2022-1750)

2022-02-21 00:00:00

EulerOS 2.0 SP5 : log4j (EulerOS-SA-2022-1330)

2022-03-21 00:00:00

SUSE SLED12 / SLES12 Security Update : log4j (SUSE-SU-2022:0212-1)

2022-01-28 00:00:00

veracode

Remote Code Execution (RCE)

2022-01-19 04:24:50

redhatcve

CVE-2022-23307

2022-01-18 16:16:31

cnvd

Apache log4j Chainsaw deserialization code execution vulnerability

2022-01-20 00:00:00

cloudlinux

Fix of CVE: CVE-2022-23307, CVE-2022-23302

2022-02-10 13:49:32

suse

Security update for log4j12 (important)

2022-01-28 00:00:00

Security update for log4j (important)

2022-01-27 00:00:00

Security update for kafka (important)

2022-02-16 00:00:00

redhat

(RHSA-2022:0439) Important: rh-maven36-log4j12 security update

2022-02-03 18:49:50

(RHSA-2022:0442) Important: log4j security update

2022-02-07 09:41:50

(RHSA-2022:0430) Important: Red Hat Data Grid 7.3.9 security update

2022-02-03 13:55:10

amazon

Important: log4j

2022-02-15 22:54:00

Important: log4j

2023-03-30 22:50:00

oraclelinux

log4j security update

2022-02-08 00:00:00

parfait:0.5 security update

2022-01-27 00:00:00

log4j security update

2022-05-23 00:00:00

centos

log4j security update

2022-02-07 16:47:44

gentoo

Apache Log4j: Multiple Vulnerabilities

2024-02-18 00:00:00

ubuntu

Apache Log4j vulnerabilities

2023-04-05 00:00:00

almalinux

Important: parfait:0.5 security update

2022-01-26 14:27:19

rocky

parfait:0.5 security update

2022-01-26 14:27:19

debian

[SECURITY] [DLA 2905-1] apache-log4j1.2 security update

2022-01-31 14:24:44

githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

2022-01-29 14:26:55

Exploit for Deserialization of Untrusted Data in Apache Log4J

2021-12-14 22:27:14

Exploit for Deserialization of Untrusted Data in Apache Log4J

2021-12-14 22:27:14

oracle

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Oracle Critical Patch Update Advisory - October 2022

2022-10-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.018

Percentile

88.6%

JSON

Related for OSV:GHSA-F7VH-QWP3-X37M