mirror of
https://github.com/cisagov/log4j-affected-db.git
synced 2024-11-25 18:00:48 +00:00
Merge pull request #489 from cisagov/update-G
Add GE Gas Products, Gradle, etc.
This commit is contained in:
commit
19549346bb
1 changed files with 169 additions and 40 deletions
|
@ -5,7 +5,7 @@ owners:
|
||||||
url: https://github.com/cisagov/log4j-affected-db
|
url: https://github.com/cisagov/log4j-affected-db
|
||||||
software:
|
software:
|
||||||
- vendor: GE Digital
|
- vendor: GE Digital
|
||||||
product: ''
|
product: All
|
||||||
cves:
|
cves:
|
||||||
cve-2021-4104:
|
cve-2021-4104:
|
||||||
investigated: false
|
investigated: false
|
||||||
|
@ -35,7 +35,7 @@ software:
|
||||||
- ''
|
- ''
|
||||||
last_updated: '2021-12-22T00:00:00'
|
last_updated: '2021-12-22T00:00:00'
|
||||||
- vendor: GE Digital Grid
|
- vendor: GE Digital Grid
|
||||||
product: ''
|
product: All
|
||||||
cves:
|
cves:
|
||||||
cve-2021-4104:
|
cve-2021-4104:
|
||||||
investigated: false
|
investigated: false
|
||||||
|
@ -73,9 +73,10 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-44228:
|
cve-2021-44228:
|
||||||
investigated: false
|
investigated: true
|
||||||
affected_versions: []
|
affected_versions: []
|
||||||
fixed_versions: []
|
fixed_versions:
|
||||||
|
- ''
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-45046:
|
cve-2021-45046:
|
||||||
investigated: false
|
investigated: false
|
||||||
|
@ -88,8 +89,9 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
vendor_links:
|
vendor_links:
|
||||||
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
||||||
notes: GE verifying workaround.
|
notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently
|
||||||
|
deploying the fixes in the production environment.
|
||||||
references:
|
references:
|
||||||
- ''
|
- ''
|
||||||
last_updated: '2021-12-22T00:00:00'
|
last_updated: '2021-12-22T00:00:00'
|
||||||
|
@ -102,8 +104,9 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-44228:
|
cve-2021-44228:
|
||||||
investigated: false
|
investigated: true
|
||||||
affected_versions: []
|
affected_versions:
|
||||||
|
- ''
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-45046:
|
cve-2021-45046:
|
||||||
|
@ -117,9 +120,8 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
vendor_links:
|
vendor_links:
|
||||||
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
||||||
notes: Vulnerability to be fixed by vendor provided workaround. No user actions
|
notes: GE Gas Power is still validating the workaround provided by FoxGuard in Technical Information Notice – M1221-S01.
|
||||||
necessary. Contact GE for details.
|
|
||||||
references:
|
references:
|
||||||
- ''
|
- ''
|
||||||
last_updated: '2021-12-22T00:00:00'
|
last_updated: '2021-12-22T00:00:00'
|
||||||
|
@ -132,9 +134,10 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-44228:
|
cve-2021-44228:
|
||||||
investigated: false
|
investigated: true
|
||||||
affected_versions: []
|
affected_versions: []
|
||||||
fixed_versions: []
|
fixed_versions:
|
||||||
|
- ''
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-45046:
|
cve-2021-45046:
|
||||||
investigated: false
|
investigated: false
|
||||||
|
@ -147,11 +150,12 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
vendor_links:
|
vendor_links:
|
||||||
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
||||||
notes: Vulnerability to be fixed by vendor provided workaround. No user actions
|
notes: GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x).
|
||||||
necessary. Contact GE for details
|
The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not
|
||||||
|
been reviewed by CISA.
|
||||||
references:
|
references:
|
||||||
- ''
|
- '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)'
|
||||||
last_updated: '2021-12-22T00:00:00'
|
last_updated: '2021-12-22T00:00:00'
|
||||||
- vendor: GE Gas Power
|
- vendor: GE Gas Power
|
||||||
product: Control Server
|
product: Control Server
|
||||||
|
@ -162,8 +166,9 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-44228:
|
cve-2021-44228:
|
||||||
investigated: false
|
investigated: true
|
||||||
affected_versions: []
|
affected_versions:
|
||||||
|
- ''
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-45046:
|
cve-2021-45046:
|
||||||
|
@ -177,9 +182,98 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
vendor_links:
|
vendor_links:
|
||||||
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
||||||
notes: The Control Server is Affected via vCenter. There is a fix for vCenter.
|
notes: Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter.
|
||||||
Please see below. GE verifying the vCenter fix as proposed by the vendor.
|
references:
|
||||||
|
- ''
|
||||||
|
last_updated: '2021-12-22T00:00:00'
|
||||||
|
- vendor: GE Gas Power
|
||||||
|
product: MyFleet
|
||||||
|
cves:
|
||||||
|
cve-2021-4104:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-44228:
|
||||||
|
investigated: true
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions:
|
||||||
|
- ''
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-45046:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-45105:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
vendor_links:
|
||||||
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
||||||
|
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16
|
||||||
|
references:
|
||||||
|
- ''
|
||||||
|
last_updated: '2021-12-22T00:00:00'
|
||||||
|
- vendor: GE Gas Power
|
||||||
|
product: OPM Performance Intelligence
|
||||||
|
cves:
|
||||||
|
cve-2021-4104:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-44228:
|
||||||
|
investigated: true
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions:
|
||||||
|
- ''
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-45046:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-45105:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
vendor_links:
|
||||||
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
||||||
|
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16
|
||||||
|
references:
|
||||||
|
- ''
|
||||||
|
last_updated: '2021-12-22T00:00:00'
|
||||||
|
- vendor: GE Gas Power
|
||||||
|
product: OPM Performance Planning
|
||||||
|
cves:
|
||||||
|
cve-2021-4104:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-44228:
|
||||||
|
investigated: true
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions:
|
||||||
|
- ''
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-45046:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-45105:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
vendor_links:
|
||||||
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
||||||
|
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16
|
||||||
references:
|
references:
|
||||||
- ''
|
- ''
|
||||||
last_updated: '2021-12-22T00:00:00'
|
last_updated: '2021-12-22T00:00:00'
|
||||||
|
@ -192,9 +286,10 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-44228:
|
cve-2021-44228:
|
||||||
investigated: false
|
investigated: true
|
||||||
affected_versions: []
|
affected_versions: []
|
||||||
fixed_versions: []
|
fixed_versions:
|
||||||
|
- ''
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-45046:
|
cve-2021-45046:
|
||||||
investigated: false
|
investigated: false
|
||||||
|
@ -207,11 +302,43 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
vendor_links:
|
vendor_links:
|
||||||
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
||||||
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16
|
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16
|
||||||
references:
|
references:
|
||||||
- ''
|
- ''
|
||||||
last_updated: '2021-12-22T00:00:00'
|
last_updated: '2021-12-22T00:00:00'
|
||||||
|
- vendor: GE Gas Power
|
||||||
|
product: vCenter
|
||||||
|
cves:
|
||||||
|
cve-2021-4104:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-44228:
|
||||||
|
investigated: true
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions:
|
||||||
|
- ''
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-45046:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
cve-2021-45105:
|
||||||
|
investigated: false
|
||||||
|
affected_versions: []
|
||||||
|
fixed_versions: []
|
||||||
|
unaffected_versions: []
|
||||||
|
vendor_links:
|
||||||
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
|
||||||
|
notes: GE Gas Power has tested and validated the update provided by Vmware.
|
||||||
|
The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not
|
||||||
|
been reviewed by CISA.
|
||||||
|
references:
|
||||||
|
- '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)'
|
||||||
|
last_updated: '2021-12-22T00:00:00'
|
||||||
- vendor: GE Healthcare
|
- vendor: GE Healthcare
|
||||||
product: ''
|
product: ''
|
||||||
cves:
|
cves:
|
||||||
|
@ -4759,7 +4886,7 @@ software:
|
||||||
- ''
|
- ''
|
||||||
last_updated: '2021-12-21T00:00:00'
|
last_updated: '2021-12-21T00:00:00'
|
||||||
- vendor: Gradle
|
- vendor: Gradle
|
||||||
product: Gradle
|
product: All
|
||||||
cves:
|
cves:
|
||||||
cve-2021-4104:
|
cve-2021-4104:
|
||||||
investigated: false
|
investigated: false
|
||||||
|
@ -4767,10 +4894,11 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-44228:
|
cve-2021-44228:
|
||||||
investigated: false
|
investigated: true
|
||||||
affected_versions: []
|
affected_versions: []
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions:
|
||||||
|
- ''
|
||||||
cve-2021-45046:
|
cve-2021-45046:
|
||||||
investigated: false
|
investigated: false
|
||||||
affected_versions: []
|
affected_versions: []
|
||||||
|
@ -4797,9 +4925,9 @@ software:
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-44228:
|
cve-2021-44228:
|
||||||
investigated: true
|
investigated: true
|
||||||
affected_versions:
|
affected_versions: []
|
||||||
- < 2021.3.6
|
fixed_versions:
|
||||||
fixed_versions: []
|
- '< 2021.3.6'
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-45046:
|
cve-2021-45046:
|
||||||
investigated: false
|
investigated: false
|
||||||
|
@ -4827,9 +4955,9 @@ software:
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-44228:
|
cve-2021-44228:
|
||||||
investigated: true
|
investigated: true
|
||||||
affected_versions:
|
affected_versions: []
|
||||||
- < 10.1
|
fixed_versions:
|
||||||
fixed_versions: []
|
- '< 10.1'
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-45046:
|
cve-2021-45046:
|
||||||
investigated: false
|
investigated: false
|
||||||
|
@ -4857,9 +4985,9 @@ software:
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-44228:
|
cve-2021-44228:
|
||||||
investigated: true
|
investigated: true
|
||||||
affected_versions:
|
affected_versions: []
|
||||||
- < 1.6.2
|
fixed_versions:
|
||||||
fixed_versions: []
|
- '< 1.6.2'
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-45046:
|
cve-2021-45046:
|
||||||
investigated: false
|
investigated: false
|
||||||
|
@ -4878,7 +5006,7 @@ software:
|
||||||
- ''
|
- ''
|
||||||
last_updated: '2022-01-12T07:18:50+00:00'
|
last_updated: '2022-01-12T07:18:50+00:00'
|
||||||
- vendor: Grafana
|
- vendor: Grafana
|
||||||
product: ''
|
product: All
|
||||||
cves:
|
cves:
|
||||||
cve-2021-4104:
|
cve-2021-4104:
|
||||||
investigated: false
|
investigated: false
|
||||||
|
@ -4886,10 +5014,11 @@ software:
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions: []
|
||||||
cve-2021-44228:
|
cve-2021-44228:
|
||||||
investigated: false
|
investigated: true
|
||||||
affected_versions: []
|
affected_versions: []
|
||||||
fixed_versions: []
|
fixed_versions: []
|
||||||
unaffected_versions: []
|
unaffected_versions:
|
||||||
|
- ''
|
||||||
cve-2021-45046:
|
cve-2021-45046:
|
||||||
investigated: false
|
investigated: false
|
||||||
affected_versions: []
|
affected_versions: []
|
||||||
|
|
Loading…
Reference in a new issue