Enhancement: vulnerabilities/other/unifi-network-log4j-rce.yaml by mp

vulnerabilities/other/unifi-network-log4j-rce.yaml

@@ -1,15 +1,20 @@
 id: unifi-network-log4j-rce
 
 info:
-  name: UniFi Network Log4j JNDI RCE
+  name: UniFi Network Application - Remote Code Execution (Log4j)
   author: KrE80r
   severity: critical
-  description: A critical vulnerability in Apache Log4j identified by CVE-2021-44228 has been publicly disclosed that may allow for remote code execution in an impacted UniFi Network Application .
+  description: UniFi Network Application is susceptible to a critical vulnerability in Apache Log4j (CVE-2021-44228) that may allow for remote code execution in an impacted implementation.
   reference:
     - https://community.ui.com/releases/UniFi-Network-Application-6-5-55/48c64137-4a4a-41f7-b7e4-3bee505ae16e
     - https://twitter.com/sprocket_ed/status/1473301038832701441
   metadata:
     shodan-query: http.title:"UniFi Network"
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10.0
+    cve-id:
+    cwe-id: CWE-77
   tags: rce,log4j,ubnt,unifi,oast,jndi
 
 requests:
@@ -41,3 +46,5 @@ requests:
         group: 1
         regex:
           - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+'   # Print extracted ${hostName} in output
+
+# Enhanced by mp on 2022/06/03