[ https://issues.apache.org/jira/browse/LOG4J2-3213?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Anssi Wilkko updated LOG4J2-3213:
---------------------------------
    Description: 
CVE-2021-44228 vulnerability is missing Common Platform Enumeration identifier 
(CPE) information in National Vulnerability Database (NVD):

[https://nvd.nist.gov/vuln/detail/CVE-2021-44228]

Compare to for example [https://nvd.nist.gov/vuln/detail/CVE-2020-9488]

Would you be able to get it submitted there?

Automated vulnerability check tools like the OWASP dependency checker cannot 
identify the vulnerability if the CPE information is missing. See 
[https://jeremylong.github.io/DependencyCheck/general/internals.html]

  was:
CVE-2021-44228 vulnerability is missing Common Platform Enumeration identifier 
(CPE) information in National Vulnerability Database (NVD):

[https://nvd.nist.gov/vuln/detail/CVE-2021-44228]

Compare to for example [https://nvd.nist.gov/vuln/detail/CVE-2020-9488]

Would you be able to getting it submitted it there?

Automated vulnerability check tools like the OWASP dependency checker cannot 
identify the vulnerability if the CPE information is missing. See 
https://jeremylong.github.io/DependencyCheck/general/internals.html


> CVE-2021-44228 vulnerability missing CPE information in NVD
> -----------------------------------------------------------
>
>                 Key: LOG4J2-3213
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3213
>             Project: Log4j 2
>          Issue Type: Question
>            Reporter: Anssi Wilkko
>            Priority: Major
>
> CVE-2021-44228 vulnerability is missing Common Platform Enumeration 
> identifier (CPE) information in National Vulnerability Database (NVD):
> [https://nvd.nist.gov/vuln/detail/CVE-2021-44228]
> Compare to for example [https://nvd.nist.gov/vuln/detail/CVE-2020-9488]
> Would you be able to get it submitted there?
> Automated vulnerability check tools like the OWASP dependency checker cannot 
> identify the vulnerability if the CPE information is missing. See 
> [https://jeremylong.github.io/DependencyCheck/general/internals.html]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
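
The dependency on CPE data described in the issue can be seen in a simplified matcher. This is an added example, not code from the issue or from OWASP Dependency-Check; the feed records, CVE identifiers and version bounds are constructed, and the field names are assumed to follow the NVD JSON 1.1 feed layout.

```python
# Added illustration: simplified CPE matching, not OWASP Dependency-Check's code.
# Feed records are constructed; field names follow the NVD JSON 1.1 feed layout.
FEED = [
    {"id": "CVE-0000-0001", "cpe_match": [   # analysed entry with CPE data
        {"cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
         "versionStartIncluding": "2.0", "versionEndExcluding": "2.15.0"}]},
    {"id": "CVE-0000-0002", "cpe_match": []},  # published, no CPE data yet
]

def cpe_fields(uri):
    """Return (part, vendor, product, version) from a CPE 2.3 formatted string."""
    f = uri.split(":")
    return f[2], f[3], f[4], f[5]

def vtuple(version):
    """Numeric dotted version -> comparable tuple (qualifiers not handled)."""
    return tuple(int(x) for x in version.split("."))

def rule_matches(rule, component_cpe):
    """True if the component's CPE falls inside one NVD match rule."""
    part, vendor, product, version = cpe_fields(component_cpe)
    r_part, r_vendor, r_product, r_version = cpe_fields(rule["cpe23Uri"])
    if (part, vendor, product) != (r_part, r_vendor, r_product):
        return False
    v = vtuple(version)
    if r_version not in ("*", "-") and vtuple(r_version) != v:
        return False
    bounds = [("versionStartIncluding", lambda b: v >= b),
              ("versionStartExcluding", lambda b: v > b),
              ("versionEndIncluding", lambda b: v <= b),
              ("versionEndExcluding", lambda b: v < b)]
    return all(ok(vtuple(rule[k])) for k, ok in bounds if k in rule)

def findings(feed, component_cpe):
    """CVE ids whose CPE rules match the component; entries without rules never match."""
    return [e["id"] for e in feed
            if any(rule_matches(r, component_cpe) for r in e["cpe_match"])]

def without_cpe(feed):
    """CVE ids a CPE-based scanner cannot match at all; candidates for manual review."""
    return [e["id"] for e in feed if not e["cpe_match"]]

if __name__ == "__main__":
    component = "cpe:2.3:a:apache:log4j:2.14.1:*:*:*:*:*:*:*"
    print("matched:", findings(FEED, component))
    print("no CPE data, needs manual review:", without_cpe(FEED))
```

Listing the entries that carry no CPE rules gives a team something to review by hand until the NVD record is completed.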