You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@logging.apache.org by "Anssi Wilkko (Jira)" <ji...@apache.org> on 2021/12/13 08:19:00 UTC

[jira] [Created] (LOG4J2-3213) CVE-2021-44228 vulnerability missing CPE information in NVD

Anssi Wilkko created LOG4J2-3213:
------------------------------------

             Summary: CVE-2021-44228 vulnerability missing CPE information in NVD
                 Key: LOG4J2-3213
                 URL: https://issues.apache.org/jira/browse/LOG4J2-3213
             Project: Log4j 2
          Issue Type: Question
            Reporter: Anssi Wilkko


CVE-2021-44228 vulnerability is missing Common Platform Enumeration identifier (CPE) information in National Vulnerability Database (NVD):

[https://nvd.nist.gov/vuln/detail/CVE-2021-44228]

Compare to for example [https://nvd.nist.gov/vuln/detail/CVE-2020-9488]

Would you be able to getting it submitted it there?

Automated vulnerability check tools like the OWASP dependency checker cannot identify the vulnerability if the CPE information is missing. See https://jeremylong.github.io/DependencyCheck/general/internals.html



--
This message was sent by Atlassian Jira
(v8.20.1#820001)