[jira] [Updated] (LOG4J2-3213) CVE-2021-44228 vulnerability missing CPE information in NVD

[Anssi Wilkko (Jira)]

     [ 
https://issues.apache.org/jira/browse/LOG4J2-3213?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Anssi Wilkko updated LOG4J2-3213:
---------------------------------
    Description: 
CVE-2021-44228 vulnerability is missing Common Platform Enumeration identifier 
(CPE) information in National Vulnerability Database (NVD):

[https://nvd.nist.gov/vuln/detail/CVE-2021-44228]

Compare to for example [https://nvd.nist.gov/vuln/detail/CVE-2020-9488]

Would you be able to help getting it submitted there?

Automated vulnerability check tools like the OWASP dependency checker cannot 
identify the vulnerability if the CPE information is missing. See 
[https://jeremylong.github.io/DependencyCheck/general/internals.html]

  was:
CVE-2021-44228 vulnerability is missing Common Platform Enumeration identifier 
(CPE) information in National Vulnerability Database (NVD):

[https://nvd.nist.gov/vuln/detail/CVE-2021-44228]

Compare to for example [https://nvd.nist.gov/vuln/detail/CVE-2020-9488]

Would you be able to getting it submitted there?

Automated vulnerability check tools like the OWASP dependency checker cannot 
identify the vulnerability if the CPE information is missing. See 
[https://jeremylong.github.io/DependencyCheck/general/internals.html]


> CVE-2021-44228 vulnerability missing CPE information in NVD
> -----------------------------------------------------------
>
>                 Key: LOG4J2-3213
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3213
>             Project: Log4j 2
>          Issue Type: Question
>            Reporter: Anssi Wilkko
>            Priority: Major
>
> CVE-2021-44228 vulnerability is missing Common Platform Enumeration 
> identifier (CPE) information in National Vulnerability Database (NVD):
> [https://nvd.nist.gov/vuln/detail/CVE-2021-44228]
> Compare to for example [https://nvd.nist.gov/vuln/detail/CVE-2020-9488]
> Would you be able to help getting it submitted there?
> Automated vulnerability check tools like the OWASP dependency checker cannot 
> identify the vulnerability if the CPE information is missing. See 
> [https://jeremylong.github.io/DependencyCheck/general/internals.html]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)