[logging-log4j-site] 04/04: update severity

[rg...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

rgoers pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git

commit 6a07dc24dd0375885f25dfd01841b5313486bb80
Author: Ralph Goers <rg...@apache.org>
AuthorDate: Fri Dec 10 02:12:10 2021 -0700

    update severity
---
 log4j-2.15.0/security.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/log4j-2.15.0/security.html b/log4j-2.15.0/security.html
index 59426b7..056123b 100644
--- a/log4j-2.15.0/security.html
+++ b/log4j-2.15.0/security.html
@@ -165,7 +165,7 @@
 <p>If you have encountered an unlisted security vulnerability or other unexpected behaviour that has security impact, or if the descriptions here are incomplete, please report them privately to the <a class="externalLink" href="mailto:private@logging.apache.org">Log4j Security Team</a>. Thank you.</p><section><section>
 <h3><a name="Fixed_in_Log4j_2.15.0"></a>Fixed in Log4j 2.15.0</h3>
 <p><a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228">CVE-2021-44228</a>:  Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints.</p>
-<p>Severity: High</p>
+<p>Severity: Critical</p>
 <p>Base CVSS Score: 10.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H</p>
 <p>Versions Affected: all versions from 2.0-beta9 to 2.14.1</p>
 <p>Descripton: Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default.</p>