[jira] [Created] (LOG4J2-3213) CVE-2021-44228 vulnerability missing CPE information in NVD

Anssi Wilkko (Jira) Mon, 13 Dec 2021 00:19:05 -0800

Anssi Wilkko created LOG4J2-3213:
------------------------------------

             Summary: CVE-2021-44228 vulnerability missing CPE information in 
NVD
                 Key: LOG4J2-3213
                 URL: https://issues.apache.org/jira/browse/LOG4J2-3213
             Project: Log4j 2
          Issue Type: Question
            Reporter: Anssi Wilkko



CVE-2021-44228 vulnerability is missing Common Platform Enumeration identifier 
(CPE) information in National Vulnerability Database (NVD):

[https://nvd.nist.gov/vuln/detail/CVE-2021-44228]

Compare to for example [https://nvd.nist.gov/vuln/detail/CVE-2020-9488]

Would you be able to getting it submitted it there?

Automated vulnerability check tools like the OWASP dependency checker cannot 
identify the vulnerability if the CPE information is missing. See 
https://jeremylong.github.io/DependencyCheck/general/internals.html



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Created] (LOG4J2-3213) CVE-2021-44228 vulnerability missing CPE information in NVD

Reply via email to