From 338341cf24fbdd2ca56a02ad862ff0b0d11cb210 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Thu, 27 Jan 2022 16:12:46 +0000 Subject: [PATCH] Update the software list --- SOFTWARE-LIST.md | 38 ++++---- data/cisagov.yml | 227 ++++++++++++++++++++++++++------------------- data/cisagov_S.yml | 78 ++++++++-------- 3 files changed, 191 insertions(+), 152 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 010855a..2fdcade 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2440,27 +2440,27 @@ NOTE: This file is automatically generated. To submit updates, please refer to | SAFE FME Server | | | | Unknown | [link](https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | SAGE | | | | Unknown | [link](https://www.sagecity.com/sage-global-solutions/sage-crm/f/sage-crm-announcements-news-and-alerts/178655/advisory-apache-log4j-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | SailPoint | | | | Unknown | [link](https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Salesforce | Analytics Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | B2C Commerce Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | ClickSoftware (As-a-Service) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | ClickSoftware (As-a-Service) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | ClickSoftware (On-Premise) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional details are available here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Data.com | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Data.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | DataLoader | | <=53.0.0 | Fixed | [link](https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Salesforce | Analytics Cloud | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | B2C Commerce Cloud | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | ClickSoftware (As-a-Service) | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | ClickSoftware (As-a-Service) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | ClickSoftware (On-Premise) | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional details are available here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Data.com | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Data.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | DataLoader | | >=53.0.2 | Fixed | [link](https://github.com/forcedotcom/dataloader/releases/tag/v53.0.2) | This version is for use with Salesforce Winter '22 or higher release through Salesforce Force Partner API and Force WSC v53.0.0. It contains the fix for CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 by upgrading to log4j 2.17.0. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | | Salesforce | Datorama | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Datorama was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Evergage (Interaction Studio) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Experience (Community) Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Force.com | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Force.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. The Data Loader tool has been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Make sure that you are using Data Loader version 53.0.2 or later. Follow the steps described here to download the latest version of Data Loader. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Heroku | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Heroku is reported to not be affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Marketing Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Salesforce-owned services within Marketing Cloud are not affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party vendors have been patched to address the security issues currently identified in CVE-2021-44228 or CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | MuleSoft (Cloud) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft services, including dataloader.io, have been updated to mitigate the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | MuleSoft (On-Premise) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors, including Private Cloud Edition (PCE) and Anypoint Studio, have a mitigation in place to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Pardot | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Pardot was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Sales Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Service Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Slack | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Slack was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in both CVE-2021-44228 and CVE-2021-45046. Additional details are available here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Social Studio | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Evergage (Interaction Studio) | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Experience (Community) Cloud | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Force.com | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Force.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. The Data Loader tool has been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Make sure that you are using Data Loader version 53.0.2 or later. Follow the steps described here to download the latest version of Data Loader. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Heroku | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Heroku is reported to not be affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Marketing Cloud | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Salesforce-owned services within Marketing Cloud are not affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party vendors have been patched to address the security issues currently identified in CVE-2021-44228 or CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | MuleSoft (Cloud) | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft services, including dataloader.io, have been updated to mitigate the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | MuleSoft (On-Premise) | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors, including Private Cloud Edition (PCE) and Anypoint Studio, have a mitigation in place to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Pardot | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Pardot was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Sales Cloud | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Service Cloud | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Slack | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Slack was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in both CVE-2021-44228 and CVE-2021-45046. Additional details are available here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Social Studio | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | | Salesforce | Tableau (On-Premise) | | < 2021.4.1 | Fixed | [link](https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell) | Tableau (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Patches to address the issues currently identified in both CVE-2021-44228 and CVE-2021-45046 are available for download. Additional details are available here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Salesforce | Tableau (Online) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. Services have been patched to mitigate the issues currently identified in both CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Tableau (Online) | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. Services have been patched to mitigate the issues currently identified in both CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | | Samsung Electronics America | Knox Admin Portal | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | | Samsung Electronics America | Knox Asset Intelligence | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | | Samsung Electronics America | Knox Configure | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 67ef881..f40f47b 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -71499,14 +71499,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71520,7 +71522,7 @@ software: identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: B2C Commerce Cloud cves: @@ -71530,14 +71532,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71551,7 +71555,7 @@ software: identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: ClickSoftware (As-a-Service) cves: @@ -71561,14 +71565,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71582,7 +71588,7 @@ software: the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: ClickSoftware (On-Premise) cves: @@ -71592,14 +71598,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71614,7 +71622,7 @@ software: details are available here. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Data.com cves: @@ -71624,14 +71632,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71645,7 +71655,7 @@ software: identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: DataLoader cves: @@ -71658,12 +71668,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - <=53.0.0 + - '>=53.0.2' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>=53.0.2' unaffected_versions: [] cve-2021-45105: investigated: false @@ -71671,11 +71682,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1 - notes: '' + - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.2 + notes: This version is for use with Salesforce Winter '22 or higher release through + Salesforce Force Partner API and Force WSC v53.0.0. It contains the fix for + CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 by upgrading to log4j 2.17.0. references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Datorama cves: @@ -71716,14 +71729,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71737,7 +71752,7 @@ software: the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Experience (Community) Cloud cves: @@ -71747,14 +71762,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71768,7 +71785,7 @@ software: identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Force.com cves: @@ -71778,14 +71795,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71802,7 +71821,7 @@ software: steps described here to download the latest version of Data Loader. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Heroku cves: @@ -71815,12 +71834,14 @@ software: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] @@ -71832,7 +71853,7 @@ software: in CVE-2021-44228 or CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Marketing Cloud cves: @@ -71842,14 +71863,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71864,7 +71887,7 @@ software: in CVE-2021-44228 or CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: MuleSoft (Cloud) cves: @@ -71874,14 +71897,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71896,7 +71921,7 @@ software: details here. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: MuleSoft (On-Premise) cves: @@ -71906,14 +71931,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71929,7 +71956,7 @@ software: details here. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Pardot cves: @@ -71939,14 +71966,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71960,7 +71989,7 @@ software: identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Sales Cloud cves: @@ -71970,14 +71999,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71991,7 +72022,7 @@ software: identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Service Cloud cves: @@ -72001,14 +72032,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -72022,7 +72055,7 @@ software: identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Slack cves: @@ -72032,14 +72065,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -72054,7 +72089,7 @@ software: available here. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Social Studio cves: @@ -72064,14 +72099,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -72085,7 +72122,7 @@ software: identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Tableau (On-Premise) cves: @@ -72128,14 +72165,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -72149,7 +72188,7 @@ software: and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Samsung Electronics America product: Knox Admin Portal cves: diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index 00307cd..4345867 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -133,13 +133,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -166,13 +166,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -199,13 +199,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -232,13 +232,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -266,13 +266,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -314,9 +314,9 @@ software: unaffected_versions: [] vendor_links: - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.2 - notes: This version is for use with Salesforce Winter '22 or higher release through Salesforce - Force Partner API and Force WSC v53.0.0. It contains the fix for CVE-2021-44228, CVE-2021-45046, - and CVE-2021-45105 by upgrading to log4j 2.17.0. + notes: This version is for use with Salesforce Winter '22 or higher release through + Salesforce Force Partner API and Force WSC v53.0.0. It contains the fix for + CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 by upgrading to log4j 2.17.0. references: - '' last_updated: '2022-01-26T00:00:00' @@ -363,13 +363,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -396,13 +396,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -429,13 +429,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -466,13 +466,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -497,13 +497,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -531,13 +531,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -565,13 +565,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -600,13 +600,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -633,13 +633,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -666,13 +666,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -699,13 +699,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -733,13 +733,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -799,13 +799,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false