Slide 7
Slide 7 text
© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Log4j related CVE records
The Common Vulnerabilities and Exposures (CVE) program‘s mission is to identify,
define, and catalog publicly disclosed cybersecurity vulnerabilities.
Dictionary entry Description Score (CVSS/EPSS)
CVE-2021-44228 JNDI vulnerability mentioned on previous slide 10.0 Critical 95.10%
CVE-2021-44832
Remote code execution (RCE) possible in
combination with JDBC Appender
6.6 Medium 68.64%
CVE-2021-45046 Fix to address CVE-2021-44228 was incomplete 9.0 Critical 71.95%
CVE-2021-45105
Denial of service possibility when a crafted
string is interpreted
5.9 Medium 33.57%
The Common Platform Enumeration (CPE) is a structured naming
scheme in XML format for IT systems, software, and packages.
This formal format allows checking and testing.