WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2022-23307)

Description

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

Remediation

References

CVE-2022-23307

Related Vulnerabilities

WordPress Plugin Contus HD FLV Player 'process-sortable.php' SQL Injection (1.3)

b2evolution Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-7352)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32477)

WordPress Plugin Stock market charts from finviz Cross-Site Scripting (1.0)

e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-6433)

Severity

High

Classification

CVE-2022-23307 CWE-502 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H