CVE-2022-23307 (CNNVD-202201-1425)
HIGH
Chinese title:
Apache Log4j code issue vulnerability
English title:
A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution.
CVSS score:
8.8
Published:
2022-01-18 15:25:23
Vulnerability type:
Code issue
Status:
PUBLISHED
Data quality score:
0.30
Data version:
v3
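Vulnerability description
Chinese description:
Apache Log4j is a Java-based open-source logging tool from the Apache Software Foundation (USA). Apache log4j 1.x has a code issue vulnerability, which arises because the contents of certain log entries are deserialized in log4j's chainsaw component, which may allow code execution. An attacker can send a request carrying serialized data to the server while the chainsaw component is running, and thereby execute malicious code.
English description: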
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
CWE type:
CWE-502
Tags:
(No data)
Affected products
| Vendor | Product | Version | Version range | Platform | CPE |
|---|---|---|---|---|---|
| Apache Software Foundation | Apache Log4j 1.x | - | < unspecified | - | cpe:2.3:a:apache_software_foundation:apache_log4j_1.x:*:*:*:*:*:*:*:* |
| apache | chainsaw | * | - | - | cpe:2.3:a:apache:chainsaw:*:*:*:*:*:*:*:* |
| apache | log4j | * | - | - | cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* |
| qos | reload4j | * | - | - | cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:* |
| oracle | advanced_supply_chain_planning | 12.1 | - | - | cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:* |
| oracle | advanced_supply_chain_planning | 12.2 | - | - | cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:* |
| oracle | business_intelligence | 5.9.0.0.0 | - | - | cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:* |
| oracle | business_intelligence | 12.2.1.3.0 | - | - | cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:* |
| oracle | business_intelligence | 12.2.1.4.0 | - | - | cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:* |
| oracle | business_process_management_suite | 12.2.1.3.0 | - | - | cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* |
| oracle | business_process_management_suite | 12.2.1.4.0 | - | - | cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:* |
| oracle | communications_eagle_ftp_table_base_retrieval | 4.5 | - | - | cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:* |
| oracle | communications_instant_messaging_server | 10.0.1.5.0 | - | - | cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:* |
| oracle | communications_messaging_server | 8.1 | - | - | cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:* |
| oracle | communications_network_integrity | 7.3.6 | - | - | cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:* |
| oracle | communications_offline_mediation_controller | * | - | - | cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:* |
| oracle | communications_offline_mediation_controller | 12.0.0.5.0 | - | - | cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:* |
| oracle | communications_unified_inventory_management | 7.4.1 | - | - | cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:* |
| oracle | communications_unified_inventory_management | 7.4.2 | - | - | cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:* |
| oracle | e-business_suite_cloud_manager_and_cloud_backup_module | * | - | - | cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:*:*:*:*:*:*:*:* |
| oracle | e-business_suite_cloud_manager_and_cloud_backup_module | 2.2.1.1.1 | - | - | cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:* |
| oracle | enterprise_manager_base_platform | 13.4.0.0 | - | - | cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:* |
| oracle | enterprise_manager_base_platform | 13.5.0.0 | - | - | cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:* |
| oracle | financial_services_revenue_management_and_billing_analytics | 2.7.0.0 | - | - | cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:* |
| oracle | financial_services_revenue_management_and_billing_analytics | 2.7.0.1 | - | - | cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:* |
| oracle | financial_services_revenue_management_and_billing_analytics | 2.8.0.0 | - | - | cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:* |
| oracle | healthcare_foundation | 8.1.0 | - | - | cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:* |
| oracle | hyperion_data_relationship_management | * | - | - | cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:* |
| oracle | hyperion_infrastructure_technology | * | - | - | cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:* |
| oracle | identity_management_suite | 12.2.1.3.0 | - | - | cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:* |
| oracle | identity_management_suite | 12.2.1.4.0 | - | - | cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:* |
| oracle | identity_manager_connector | 11.1.1.5.0 | - | - | cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:* |
| oracle | jdeveloper | 12.2.1.3.0 | - | - | cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:* |
| oracle | middleware_common_libraries_and_tools | 12.2.1.4.0 | - | - | cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:* |
| oracle | mysql_enterprise_monitor | * | - | - | cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* |
| oracle | retail_extract_transform_and_load | 13.2.5 | - | - | cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:* |
| oracle | tuxedo | 12.2.2.0.0 | - | - | cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:* |
| oracle | weblogic_server | 12.2.1.3.0 | - | - | cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* |
| oracle | weblogic_server | 12.2.1.4.0 | - | - | cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* |
| oracle | weblogic_server | 14.1.1.0.0 | - | - | cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* |
Solution
Chinese solution:
(No data)
English solution:
(No data)
Temporary workaround:
(No data)
CVSS score details
8.8
HIGH
CVSS vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS version:
3.1
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Timestamps
Published:
2022-01-18 15:25:23
Modified:
2024-08-03 03:36:20
Created:
2025-11-11 15:37:20
Updated:
2025-11-11 15:57:04
Exploit information
No exploit code information available
Data source details
| Data source | Record ID | Version | Extraction time |
|---|---|---|---|
| CVE | cve_CVE-2022-23307 | 2025-11-11 15:21:18 | 2025-11-11 07:37:20 |
| NVD | nvd_CVE-2022-23307 | 2025-11-11 14:58:13 | 2025-11-11 07:45:36 |
| CNNVD | cnnvd_CNNVD-202201-1425 | 2025-11-11 15:10:48 | 2025-11-11 07:57:04 |
Version and languages
Current version:
v3
Primary language:
EN
Supported languages:
EN
ZH
Security advisories
No security advisory information available
Change history
v3
CNNVD
2025-11-11 15:57:04
- vulnerability_type: not extracted -> Code issue
- cnnvd_id: not extracted -> CNNVD-202201-1425
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2
NVD
2025-11-11 15:45:36
- severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
- cvss_score: not extracted -> 8.8
- cvss_vector: NOT_EXTRACTED -> CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- cvss_version: NOT_EXTRACTED -> 3.1
- affected_products_count: 2 -> 40
- data_sources: ['cve'] -> ['cve', 'nvd']