Re: LOG4J2-3213 CVE missing CPE information in NVD

I did not fix that. As for how they’re made, I found the CPE database and searched for log4j to find the existing strings. As for editing CVEs, that’s through this site: https://cveprocess.apache.org/ -- Matt Sicker > On Dec 13, 2021, at 16:04, Volkan Yazıcı wrote: > > Matt, I see that it is f

Re: LOG4J2-3213 CVE missing CPE information in NVD

Matt, I see that it is fixed in https://nvd.nist.gov/vuln/detail/CVE-2021-44228 Did you do it? If so, 1. How did you come up with CPEs? 2. How did you edit the CVE? On Mon, Dec 13, 2021 at 6:50 PM Matt Sicker wrote: > Based on existing CPEs, I think it would look something like: > > cpe:2.3:a:a

Re: LOG4J2-3213 CVE missing CPE information in NVD

Based on existing CPEs, I think it would look something like: cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* up to version 2.14.1 are affected. On Mon, Dec 13, 2021 at 3:31 AM Volkan Yazıcı wrote: > > Mind somebody helping with LOG4J2-3213 > , please? I

LOG4J2-3213 CVE missing CPE information in NVD

Mind somebody helping with LOG4J2-3213 , please? I have no idea how this entire CVE process is managed and updated. I would appreciate it if the one who performs the correction can also share how he/she did that. So that next time first-timers like