A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApache Chainsaw
APPApache< 2.1.0Apache Log4j
APPApache1.2 – 2.0 (bez)Qos Reload4j
APPQos< 1.2.18.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEDeserialization
Referencje
Powiązane podatności
CVE-2021-45046CRITICAL9.0⚠ KEVten sam produkt
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-defau...
CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...
CVE-2022-23305CRITICAL9.8ten sam produkt
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the val...
CVE-2019-17571CRITICAL9.8ten sam produkt
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which ca...
CVE-2017-5645CRITICAL9.8ten sam produkt
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized ...