Enhancement: vulnerabilities/apache/apache-ofbiz-log4j-rce.yaml by mp

2022-05-24 12:41:22 -04:00 · 2022-05-24 12:41:22 -04:00 · 0fcd77fe46
parent d0ea7fe0b2
commit 0fcd77fe46
1 changed files with 5 additions and 0 deletions
--- a/vulnerabilities/apache/apache-ofbiz-log4j-rce.yaml
+++ b/vulnerabilities/apache/apache-ofbiz-log4j-rce.yaml
@ -9,6 +9,11 @@ info:
    - https://issues.apache.org/jira/browse/OFBIZ-12449
    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
    - https://ofbiz.apache.org/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.0
+    cve-id:
+    cwe-id: CWE-77
  remediation: Upgrade to Apache OFBiz version 8.12.03 or later.
  tags: ofbiz,oast,log4j,rce,apache,jndi