CVE-2022-23307 Chainsaw Package

What is CVE-2022-23307 (Chainsaw Package)?

In summary,

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

National Vulnerability Database

Is Cascade CMS affected by CVE-2022-23307 (Chainsaw Package)?

No, this vulnerability does not impact Cascade Cloud or on-premise distributions of Cascade CMS. We do not reference the tools in question in our configuration and the configuration is not exposed to users via the user interface.