r3pek
/
log4j-affected-db
mirror of https://github.com/cisagov/log4j-affected-db
1
0
Fork 0
Code Releases Activity

Merge pull request #489 from cisagov/update-G

Browse Source 
Add GE Gas Products, Gradle, etc.
pull/490/head
justmurphy 2 years ago committed by GitHub
parent 5c201af293 cbd05057c6
commit 19549346bb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 164 additions and 35 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 199
      data/cisagov_G.yml

199
data/cisagov_G.yml
Unescape View File

@ -5,7 +5,7 @@ owners:
url: https://github.com/cisagov/log4j-affected-db
software:
- vendor: GE Digital
product: ''
product: All
cves:
cve-2021-4104:
investigated: false
@ -35,7 +35,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: GE Digital Grid
product: ''
product: All
cves:
cve-2021-4104:
investigated: false
@ -73,9 +73,10 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -88,8 +89,9 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf
notes: GE verifying workaround.
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently
deploying the fixes in the production environment.
references:
- ''
last_updated: '2021-12-22T00:00:00'
@ -102,8 +104,9 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
investigated: true
affected_versions:
- ''
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -117,9 +120,8 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf
notes: Vulnerability to be fixed by vendor provided workaround. No user actions
necessary. Contact GE for details.
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: GE Gas Power is still validating the workaround provided by FoxGuard in Technical Information Notice – M1221-S01.
references:
- ''
last_updated: '2021-12-22T00:00:00'
@ -132,10 +134,43 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x).
The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not
been reviewed by CISA.
references:
- '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)'
last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power
product: Control Server
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- ''
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
@ -147,14 +182,13 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf
notes: Vulnerability to be fixed by vendor provided workaround. No user actions
necessary. Contact GE for details
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter.
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power
product: Control Server
product: MyFleet
cves:
cve-2021-4104:
investigated: false
@ -162,10 +196,41 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power
product: OPM Performance Intelligence
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
@ -177,14 +242,13 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf
notes: The Control Server is Affected via vCenter. There is a fix for vCenter.
Please see below. GE verifying the vCenter fix as proposed by the vendor.
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power
product: Tag Mapping Service
product: OPM Performance Planning
cves:
cve-2021-4104:
investigated: false
@ -192,10 +256,41 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power
product: Tag Mapping Service
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
@ -207,11 +302,43 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power
product: vCenter
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: GE Gas Power has tested and validated the update provided by Vmware.
The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not
been reviewed by CISA.
references:
- '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)'
last_updated: '2021-12-22T00:00:00'
- vendor: GE Healthcare
product: ''
cves:
@ -4759,7 +4886,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Gradle
product: Gradle
product: All
cves:
cve-2021-4104:
investigated: false
@ -4767,10 +4894,11 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
@ -4797,9 +4925,9 @@ software:
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- < 2021.3.6
fixed_versions: []
affected_versions: []
fixed_versions:
- '< 2021.3.6'
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -4827,9 +4955,9 @@ software:
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- < 10.1
fixed_versions: []
affected_versions: []
fixed_versions:
- '< 10.1'
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -4857,9 +4985,9 @@ software:
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- < 1.6.2
fixed_versions: []
affected_versions: []
fixed_versions:
- '< 1.6.2'
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -4878,7 +5006,7 @@ software:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Grafana
product: ''
product: All
cves:
cve-2021-4104:
investigated: false
@ -4886,10 +5014,11 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []

Write Preview
Loading…
Cancel
Save