mirror of
https://github.com/cisagov/log4j-affected-db.git
synced 2024-11-25 01:40:47 +00:00
Update the software list
This commit is contained in:
parent
19549346bb
commit
0a5a312ade
3 changed files with 203 additions and 62 deletions
|
@ -1229,13 +1229,17 @@ NOTE: This file is automatically generated. To submit updates, please refer to
|
||||||
| FTAPI | | | | Unknown | [link](https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/#) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
| FTAPI | | | | Unknown | [link](https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/#) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||||
| Fujitsu | | | | Unknown | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
| Fujitsu | | | | Unknown | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||||
| FusionAuth | FusionAuth | | | Not Affected | [link](https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
| FusionAuth | FusionAuth | | | Not Affected | [link](https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||||
| GE Digital | | | | Unknown | [link](https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
|
| GE Digital | All | | | Unknown | [link](https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
|
||||||
| GE Digital Grid | | | | Unknown | [link](https://digitalenergy.service-now.com/csm?id=kb_category&kb_category=b8bc715b879c89103f22a93e0ebb3585) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
|
| GE Digital Grid | All | | | Unknown | [link](https://digitalenergy.service-now.com/csm?id=kb_category&kb_category=b8bc715b879c89103f22a93e0ebb3585) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
|
||||||
| GE Gas Power | Asset Performance Management (APM) | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | GE verifying workaround. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
|
| GE Gas Power | Asset Performance Management (APM) | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently deploying the fixes in the production environment. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
|
||||||
| GE Gas Power | Baseline Security Center (BSC) | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | Vulnerability to be fixed by vendor provided workaround. No user actions necessary. Contact GE for details. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
|
| GE Gas Power | Baseline Security Center (BSC) | | | Affected | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Gas Power is still validating the workaround provided by FoxGuard in Technical Information Notice – M1221-S01. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
|
||||||
| GE Gas Power | Baseline Security Center (BSC) 2.0 | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | Vulnerability to be fixed by vendor provided workaround. No user actions necessary. Contact GE for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
|
| GE Gas Power | Baseline Security Center (BSC) 2.0 | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not been reviewed by CISA. | [Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
|
||||||
| GE Gas Power | Control Server | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | The Control Server is Affected via vCenter. There is a fix for vCenter. Please see below. GE verifying the vCenter fix as proposed by the vendor. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
|
| GE Gas Power | Control Server | | | Affected | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
|
||||||
| GE Gas Power | Tag Mapping Service | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
|
| GE Gas Power | MyFleet | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
|
||||||
|
| GE Gas Power | OPM Performance Intelligence | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
|
||||||
|
| GE Gas Power | OPM Performance Planning | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
|
||||||
|
| GE Gas Power | Tag Mapping Service | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
|
||||||
|
| GE Gas Power | vCenter | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Gas Power has tested and validated the update provided by Vmware. The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not been reviewed by CISA. | [Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
|
||||||
| GE Healthcare | | | | Unknown | [link](https://securityupdate.gehealthcare.com) | This advisory is not available at the time of this review, due to maintence on the GE Healthcare website. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
|
| GE Healthcare | | | | Unknown | [link](https://securityupdate.gehealthcare.com) | This advisory is not available at the time of this review, due to maintence on the GE Healthcare website. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
|
||||||
| Gearset | | | | Unknown | [link](https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
| Gearset | | | | Unknown | [link](https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||||
| Genesys | | | | Unknown | [link](https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
| Genesys | | | | Unknown | [link](https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||||
|
@ -1381,11 +1385,11 @@ NOTE: This file is automatically generated. To submit updates, please refer to
|
||||||
| Google Cloud | Virtual Private Cloud | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
| Google Cloud | Virtual Private Cloud | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||||||
| Google Cloud | Web Security Scanner | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
|
| Google Cloud | Web Security Scanner | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
|
||||||
| Google Cloud | Workflows | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
|
| Google Cloud | Workflows | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
|
||||||
| Gradle | Gradle | | | Unknown | [link](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
| Gradle | All | | | Not Affected | [link](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||||
| Gradle | Gradle Enterprise | < 2021.3.6 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
| Gradle | Gradle Enterprise | | < 2021.3.6 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||||
| Gradle | Gradle Enterprise Build Cache Node | < 10.1 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
| Gradle | Gradle Enterprise Build Cache Node | | < 10.1 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||||
| Gradle | Gradle Enterprise Test Distribution Agent | < 1.6.2 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
| Gradle | Gradle Enterprise Test Distribution Agent | | < 1.6.2 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||||
| Grafana | | | | Unknown | [link](https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
| Grafana | All | | | Not Affected | [link](https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||||
| Grandstream | | | | Unknown | [link](https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
| Grandstream | | | | Unknown | [link](https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||||
| Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
| Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||||
| Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
| Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||||
|
|
207
data/cisagov.yml
207
data/cisagov.yml
|
@ -35743,7 +35743,7 @@ software:
|
||||||
- ''
|
- ''
|
||||||
last_updated: '2022-01-12T07:18:50+00:00'
|
last_updated: '2022-01-12T07:18:50+00:00'
|
||||||
- vendor: GE Digital
|
- vendor: GE Digital
|
||||||
product: ''
|
product: All
|
||||||
cves:
|
cves:
|
||||||
cve-2021-4104:
|
cve-2021-4104:
|
||||||
investigated: false
|
investigated: false
|
||||||
|
@ -35773,7 +35773,7 @@ software:
|
||||||
- ''
|
- ''
|
||||||
last_updated: '2021-12-22T00:00:00'
|
last_updated: '2021-12-22T00:00:00'
|
||||||
- vendor: GE Digital Grid
|
- vendor: GE Digital Grid
|
||||||
product: ''
|
product: All
|
||||||
cves:
|
cves:
|
||||||
cve-2021-4104:
|
cve-2021-4104:
|
||||||
investigated: false
|
investigated: false
|
||||||
|
@ -35811,9 +35811,10 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-44228:
|
cve-2021-44228:
|
||||||
investigated: false
|
investigated: true
|
||||||
affected_versions: []
|
affected_versions: []
|
||||||
fixed_versions: []
|
fixed_versions:
|
||||||
|
- ''
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-45046:
|
cve-2021-45046:
|
||||||
investigated: false
|
investigated: false
|
||||||
|
@ -35826,8 +35827,10 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
vendor_links:
|
vendor_links:
|
||||||
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
||||||
notes: GE verifying workaround.
|
notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed
|
||||||
|
in development environment and the team is currently deploying the fixes in
|
||||||
|
the production environment.
|
||||||
references:
|
references:
|
||||||
- ''
|
- ''
|
||||||
last_updated: '2021-12-22T00:00:00'
|
last_updated: '2021-12-22T00:00:00'
|
||||||
|
@ -35840,8 +35843,9 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-44228:
|
cve-2021-44228:
|
||||||
investigated: false
|
investigated: true
|
||||||
affected_versions: []
|
affected_versions:
|
||||||
|
- ''
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-45046:
|
cve-2021-45046:
|
||||||
|
@ -35855,9 +35859,9 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
vendor_links:
|
vendor_links:
|
||||||
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
||||||
notes: Vulnerability to be fixed by vendor provided workaround. No user actions
|
notes: GE Gas Power is still validating the workaround provided by FoxGuard in
|
||||||
necessary. Contact GE for details.
|
Technical Information Notice – M1221-S01.
|
||||||
references:
|
references:
|
||||||
- ''
|
- ''
|
||||||
last_updated: '2021-12-22T00:00:00'
|
last_updated: '2021-12-22T00:00:00'
|
||||||
|
@ -35870,9 +35874,10 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-44228:
|
cve-2021-44228:
|
||||||
investigated: false
|
investigated: true
|
||||||
affected_versions: []
|
affected_versions: []
|
||||||
fixed_versions: []
|
fixed_versions:
|
||||||
|
- ''
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-45046:
|
cve-2021-45046:
|
||||||
investigated: false
|
investigated: false
|
||||||
|
@ -35885,11 +35890,13 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
vendor_links:
|
vendor_links:
|
||||||
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
||||||
notes: Vulnerability to be fixed by vendor provided workaround. No user actions
|
notes: GE Gas Power has tested and validated the component of the BSC 2.0 that
|
||||||
necessary. Contact GE for details
|
is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded
|
||||||
|
from link in reference section. This update is available to customer only and
|
||||||
|
has not been reviewed by CISA.
|
||||||
references:
|
references:
|
||||||
- ''
|
- '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)'
|
||||||
last_updated: '2021-12-22T00:00:00'
|
last_updated: '2021-12-22T00:00:00'
|
||||||
- vendor: GE Gas Power
|
- vendor: GE Gas Power
|
||||||
product: Control Server
|
product: Control Server
|
||||||
|
@ -35900,8 +35907,9 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-44228:
|
cve-2021-44228:
|
||||||
investigated: false
|
investigated: true
|
||||||
affected_versions: []
|
affected_versions:
|
||||||
|
- ''
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-45046:
|
cve-2021-45046:
|
||||||
|
@ -35915,9 +35923,99 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
vendor_links:
|
vendor_links:
|
||||||
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
||||||
notes: The Control Server is Affected via vCenter. There is a fix for vCenter.
|
notes: Please see vCenter. Control Server is not directly impacted. It is impacted
|
||||||
Please see below. GE verifying the vCenter fix as proposed by the vendor.
|
through vCenter.
|
||||||
|
references:
|
||||||
|
- ''
|
||||||
|
last_updated: '2021-12-22T00:00:00'
|
||||||
|
- vendor: GE Gas Power
|
||||||
|
product: MyFleet
|
||||||
|
cves:
|
||||||
|
cve-2021-4104:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-44228:
|
||||||
|
investigated: true
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions:
|
||||||
|
- ''
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-45046:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-45105:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
vendor_links:
|
||||||
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
||||||
|
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16
|
||||||
|
references:
|
||||||
|
- ''
|
||||||
|
last_updated: '2021-12-22T00:00:00'
|
||||||
|
- vendor: GE Gas Power
|
||||||
|
product: OPM Performance Intelligence
|
||||||
|
cves:
|
||||||
|
cve-2021-4104:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-44228:
|
||||||
|
investigated: true
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions:
|
||||||
|
- ''
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-45046:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-45105:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
vendor_links:
|
||||||
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
||||||
|
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16
|
||||||
|
references:
|
||||||
|
- ''
|
||||||
|
last_updated: '2021-12-22T00:00:00'
|
||||||
|
- vendor: GE Gas Power
|
||||||
|
product: OPM Performance Planning
|
||||||
|
cves:
|
||||||
|
cve-2021-4104:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-44228:
|
||||||
|
investigated: true
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions:
|
||||||
|
- ''
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-45046:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-45105:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
vendor_links:
|
||||||
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
||||||
|
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16
|
||||||
references:
|
references:
|
||||||
- ''
|
- ''
|
||||||
last_updated: '2021-12-22T00:00:00'
|
last_updated: '2021-12-22T00:00:00'
|
||||||
|
@ -35930,9 +36028,10 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-44228:
|
cve-2021-44228:
|
||||||
investigated: false
|
investigated: true
|
||||||
affected_versions: []
|
affected_versions: []
|
||||||
fixed_versions: []
|
fixed_versions:
|
||||||
|
- ''
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-45046:
|
cve-2021-45046:
|
||||||
investigated: false
|
investigated: false
|
||||||
|
@ -35945,11 +36044,43 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
vendor_links:
|
vendor_links:
|
||||||
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
||||||
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16
|
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16
|
||||||
references:
|
references:
|
||||||
- ''
|
- ''
|
||||||
last_updated: '2021-12-22T00:00:00'
|
last_updated: '2021-12-22T00:00:00'
|
||||||
|
- vendor: GE Gas Power
|
||||||
|
product: vCenter
|
||||||
|
cves:
|
||||||
|
cve-2021-4104:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-44228:
|
||||||
|
investigated: true
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions:
|
||||||
|
- ''
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-45046:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-45105:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
vendor_links:
|
||||||
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
||||||
|
notes: GE Gas Power has tested and validated the update provided by Vmware. The
|
||||||
|
update and instructions can be downloaded from link in reference section. This
|
||||||
|
update is available to customer only and has not been reviewed by CISA.
|
||||||
|
references:
|
||||||
|
- '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)'
|
||||||
|
last_updated: '2021-12-22T00:00:00'
|
||||||
- vendor: GE Healthcare
|
- vendor: GE Healthcare
|
||||||
product: ''
|
product: ''
|
||||||
cves:
|
cves:
|
||||||
|
@ -40497,7 +40628,7 @@ software:
|
||||||
- ''
|
- ''
|
||||||
last_updated: '2021-12-21T00:00:00'
|
last_updated: '2021-12-21T00:00:00'
|
||||||
- vendor: Gradle
|
- vendor: Gradle
|
||||||
product: Gradle
|
product: All
|
||||||
cves:
|
cves:
|
||||||
cve-2021-4104:
|
cve-2021-4104:
|
||||||
investigated: false
|
investigated: false
|
||||||
|
@ -40505,10 +40636,11 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-44228:
|
cve-2021-44228:
|
||||||
investigated: false
|
investigated: true
|
||||||
affected_versions: []
|
affected_versions: []
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions:
|
||||||
|
- ''
|
||||||
cve-2021-45046:
|
cve-2021-45046:
|
||||||
investigated: false
|
investigated: false
|
||||||
affected_versions: []
|
affected_versions: []
|
||||||
|
@ -40535,9 +40667,9 @@ software:
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-44228:
|
cve-2021-44228:
|
||||||
investigated: true
|
investigated: true
|
||||||
affected_versions:
|
affected_versions: []
|
||||||
|
fixed_versions:
|
||||||
- < 2021.3.6
|
- < 2021.3.6
|
||||||
fixed_versions: []
|
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-45046:
|
cve-2021-45046:
|
||||||
investigated: false
|
investigated: false
|
||||||
|
@ -40565,9 +40697,9 @@ software:
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-44228:
|
cve-2021-44228:
|
||||||
investigated: true
|
investigated: true
|
||||||
affected_versions:
|
affected_versions: []
|
||||||
|
fixed_versions:
|
||||||
- < 10.1
|
- < 10.1
|
||||||
fixed_versions: []
|
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-45046:
|
cve-2021-45046:
|
||||||
investigated: false
|
investigated: false
|
||||||
|
@ -40595,9 +40727,9 @@ software:
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-44228:
|
cve-2021-44228:
|
||||||
investigated: true
|
investigated: true
|
||||||
affected_versions:
|
affected_versions: []
|
||||||
|
fixed_versions:
|
||||||
- < 1.6.2
|
- < 1.6.2
|
||||||
fixed_versions: []
|
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-45046:
|
cve-2021-45046:
|
||||||
investigated: false
|
investigated: false
|
||||||
|
@ -40616,7 +40748,7 @@ software:
|
||||||
- ''
|
- ''
|
||||||
last_updated: '2022-01-12T07:18:50+00:00'
|
last_updated: '2022-01-12T07:18:50+00:00'
|
||||||
- vendor: Grafana
|
- vendor: Grafana
|
||||||
product: ''
|
product: All
|
||||||
cves:
|
cves:
|
||||||
cve-2021-4104:
|
cve-2021-4104:
|
||||||
investigated: false
|
investigated: false
|
||||||
|
@ -40624,10 +40756,11 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-44228:
|
cve-2021-44228:
|
||||||
investigated: false
|
investigated: true
|
||||||
affected_versions: []
|
affected_versions: []
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions:
|
||||||
|
- ''
|
||||||
cve-2021-45046:
|
cve-2021-45046:
|
||||||
investigated: false
|
investigated: false
|
||||||
affected_versions: []
|
affected_versions: []
|
||||||
|
|
|
@ -90,8 +90,9 @@ software:
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
vendor_links:
|
vendor_links:
|
||||||
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
||||||
notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently
|
notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed
|
||||||
deploying the fixes in the production environment.
|
in development environment and the team is currently deploying the fixes in
|
||||||
|
the production environment.
|
||||||
references:
|
references:
|
||||||
- ''
|
- ''
|
||||||
last_updated: '2021-12-22T00:00:00'
|
last_updated: '2021-12-22T00:00:00'
|
||||||
|
@ -121,7 +122,8 @@ software:
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
vendor_links:
|
vendor_links:
|
||||||
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
||||||
notes: GE Gas Power is still validating the workaround provided by FoxGuard in Technical Information Notice – M1221-S01.
|
notes: GE Gas Power is still validating the workaround provided by FoxGuard in
|
||||||
|
Technical Information Notice – M1221-S01.
|
||||||
references:
|
references:
|
||||||
- ''
|
- ''
|
||||||
last_updated: '2021-12-22T00:00:00'
|
last_updated: '2021-12-22T00:00:00'
|
||||||
|
@ -151,9 +153,10 @@ software:
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
vendor_links:
|
vendor_links:
|
||||||
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
||||||
notes: GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x).
|
notes: GE Gas Power has tested and validated the component of the BSC 2.0 that
|
||||||
The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not
|
is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded
|
||||||
been reviewed by CISA.
|
from link in reference section. This update is available to customer only and
|
||||||
|
has not been reviewed by CISA.
|
||||||
references:
|
references:
|
||||||
- '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)'
|
- '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)'
|
||||||
last_updated: '2021-12-22T00:00:00'
|
last_updated: '2021-12-22T00:00:00'
|
||||||
|
@ -183,7 +186,8 @@ software:
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
vendor_links:
|
vendor_links:
|
||||||
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
||||||
notes: Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter.
|
notes: Please see vCenter. Control Server is not directly impacted. It is impacted
|
||||||
|
through vCenter.
|
||||||
references:
|
references:
|
||||||
- ''
|
- ''
|
||||||
last_updated: '2021-12-22T00:00:00'
|
last_updated: '2021-12-22T00:00:00'
|
||||||
|
@ -333,9 +337,9 @@ software:
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
vendor_links:
|
vendor_links:
|
||||||
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
||||||
notes: GE Gas Power has tested and validated the update provided by Vmware.
|
notes: GE Gas Power has tested and validated the update provided by Vmware. The
|
||||||
The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not
|
update and instructions can be downloaded from link in reference section. This
|
||||||
been reviewed by CISA.
|
update is available to customer only and has not been reviewed by CISA.
|
||||||
references:
|
references:
|
||||||
- '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)'
|
- '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)'
|
||||||
last_updated: '2021-12-22T00:00:00'
|
last_updated: '2021-12-22T00:00:00'
|
||||||
|
@ -4927,7 +4931,7 @@ software:
|
||||||
investigated: true
|
investigated: true
|
||||||
affected_versions: []
|
affected_versions: []
|
||||||
fixed_versions:
|
fixed_versions:
|
||||||
- '< 2021.3.6'
|
- < 2021.3.6
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-45046:
|
cve-2021-45046:
|
||||||
investigated: false
|
investigated: false
|
||||||
|
@ -4957,7 +4961,7 @@ software:
|
||||||
investigated: true
|
investigated: true
|
||||||
affected_versions: []
|
affected_versions: []
|
||||||
fixed_versions:
|
fixed_versions:
|
||||||
- '< 10.1'
|
- < 10.1
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-45046:
|
cve-2021-45046:
|
||||||
investigated: false
|
investigated: false
|
||||||
|
@ -4987,7 +4991,7 @@ software:
|
||||||
investigated: true
|
investigated: true
|
||||||
affected_versions: []
|
affected_versions: []
|
||||||
fixed_versions:
|
fixed_versions:
|
||||||
- '< 1.6.2'
|
- < 1.6.2
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-45046:
|
cve-2021-45046:
|
||||||
investigated: false
|
investigated: false
|
||||||
|
|
Loading…
Reference in a new issue