Text Form of Oracle Security Alert - CVE-2021-44228 Risk Matrices

 

This document provides the text form of the CVE-2021-44228 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CVE-2021-44228 Advisory

This page contains the following text format Risk Matrices:

Text Form of Risk Matrix for Third Party Component

This table provides the text form of the Risk Matrix for Third Party Component.
 

CVE# Description
CVE-2021-44228 Vulnerability in the Apache Log4j product of Third Party Component (component: All). Supported versions that are affected are 2.0 - 2.14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Apache Log4j. While the vulnerability is in Apache Log4j, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Apache Log4j.

CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). (legend) [Advisory]
CVE-2021-45046 Vulnerability in the Apache Log4j product of Third Party Component (component: All). Supported versions that are affected are 2.0 - 2.15.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Apache Log4j. While the vulnerability is in Apache Log4j, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Apache Log4j. 

CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). (legend) [Advisory]