CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
99.6%
UIMA PEAR projects that have been generated with the de.averbis.textanalysis:pear-archetype
version 2.0.0
have a maven dependency with scope test
to log4j 2.8.2
and might be affected by CVE-2021-44228.
The issue has been resolved in de.averbis.textanalysis:pear-archetype
version 2.0.1
. Please make sure to use de.averbis.textanalysis:pear-archetype
version >= 2.0.1
for generating new PEAR projects.
Existing maven PEAR projects can be patched by manually upgrading to log4j
>= 2.16.0
in pom.xml
.
https://www.lunasec.io/docs/blog/log4j-zero-day/
If you have any questions or comments about this advisory:
Vendor | Product | Version | CPE |
---|---|---|---|
de.averbis.textanalysis | pear-archetype | 2.0.0 | cpe:2.3:a:de.averbis.textanalysis:pear-archetype:2.0.0:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
99.6%