|
|
|
@ -2233,143 +2233,6 @@ software: |
|
|
|
|
references: |
|
|
|
|
- '' |
|
|
|
|
last_updated: '2022-01-05T00:00:00' |
|
|
|
|
- vendor: MobileIron |
|
|
|
|
product: Core |
|
|
|
|
cves: |
|
|
|
|
cve-2021-4104: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-44228: |
|
|
|
|
investigated: true |
|
|
|
|
affected_versions: |
|
|
|
|
- All Versions |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45046: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45105: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
vendor_links: |
|
|
|
|
- https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US |
|
|
|
|
notes: The mitigation instructions listed in a subsequent section removes a vulnerable |
|
|
|
|
Java class (JNDILookUp.class) from the affected Log4J Java library and as a |
|
|
|
|
result removes the ability to perform the RCE attack. The workaround needs |
|
|
|
|
to be applied in a maintenance window. You will not be able to access the admin |
|
|
|
|
portal during the procedure, however, end user devices will continue to function. |
|
|
|
|
references: |
|
|
|
|
- '' |
|
|
|
|
last_updated: '2021-12-20T00:00:00' |
|
|
|
|
- vendor: MobileIron |
|
|
|
|
product: Core Connector |
|
|
|
|
cves: |
|
|
|
|
cve-2021-4104: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-44228: |
|
|
|
|
investigated: true |
|
|
|
|
affected_versions: |
|
|
|
|
- All Versions |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45046: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45105: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
vendor_links: |
|
|
|
|
- https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US |
|
|
|
|
notes: The mitigation instructions listed in a subsequent section removes a vulnerable |
|
|
|
|
Java class (JNDILookUp.class) from the affected Log4J Java library and as a |
|
|
|
|
result removes the ability to perform the RCE attack. The workaround needs |
|
|
|
|
to be applied in a maintenance window. You will not be able to access the admin |
|
|
|
|
portal during the procedure, however, end user devices will continue to function. |
|
|
|
|
references: |
|
|
|
|
- '' |
|
|
|
|
last_updated: '2021-12-20T00:00:00' |
|
|
|
|
- vendor: MobileIron |
|
|
|
|
product: Reporting Database (RDB) |
|
|
|
|
cves: |
|
|
|
|
cve-2021-4104: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-44228: |
|
|
|
|
investigated: true |
|
|
|
|
affected_versions: |
|
|
|
|
- All Versions |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45046: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45105: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
vendor_links: |
|
|
|
|
- https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US |
|
|
|
|
notes: The mitigation instructions listed in a subsequent section removes a vulnerable |
|
|
|
|
Java class (JNDILookUp.class) from the affected Log4J Java library and as a |
|
|
|
|
result removes the ability to perform the RCE attack. The workaround needs |
|
|
|
|
to be applied in a maintenance window. You will not be able to access the admin |
|
|
|
|
portal during the procedure, however, end user devices will continue to function. |
|
|
|
|
references: |
|
|
|
|
- '' |
|
|
|
|
last_updated: '2021-12-20T00:00:00' |
|
|
|
|
- vendor: MobileIron |
|
|
|
|
product: Sentry |
|
|
|
|
cves: |
|
|
|
|
cve-2021-4104: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-44228: |
|
|
|
|
investigated: true |
|
|
|
|
affected_versions: |
|
|
|
|
- '9.13' |
|
|
|
|
- '9.14' |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45046: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45105: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
vendor_links: |
|
|
|
|
- https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US |
|
|
|
|
notes: The mitigation instructions listed in a subsequent section removes a vulnerable |
|
|
|
|
Java class (JNDILookUp.class) from the affected Log4J Java library and as a |
|
|
|
|
result removes the ability to perform the RCE attack. The workaround needs |
|
|
|
|
to be applied in a maintenance window. You will not be able to access the admin |
|
|
|
|
portal during the procedure, however, end user devices will continue to function. |
|
|
|
|
references: |
|
|
|
|
- '' |
|
|
|
|
last_updated: '2021-12-20T00:00:00' |
|
|
|
|
- vendor: MongoDB |
|
|
|
|
product: All other components of MongoDB Atlas (including Atlas Database, Data |
|
|
|
|
Lake, Charts) |
|
|
|
|