1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-25 09:50:47 +00:00

Merge pull request #489 from cisagov/update-G

Add GE Gas Products, Gradle, etc.
This commit is contained in:
justmurphy 2022-02-02 16:01:15 -05:00 committed by GitHub
commit 19549346bb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -5,7 +5,7 @@ owners:
url: https://github.com/cisagov/log4j-affected-db url: https://github.com/cisagov/log4j-affected-db
software: software:
- vendor: GE Digital - vendor: GE Digital
product: '' product: All
cves: cves:
cve-2021-4104: cve-2021-4104:
investigated: false investigated: false
@ -35,7 +35,7 @@ software:
- '' - ''
last_updated: '2021-12-22T00:00:00' last_updated: '2021-12-22T00:00:00'
- vendor: GE Digital Grid - vendor: GE Digital Grid
product: '' product: All
cves: cves:
cve-2021-4104: cve-2021-4104:
investigated: false investigated: false
@ -73,9 +73,10 @@ software:
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
cve-2021-44228: cve-2021-44228:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions:
- ''
unaffected_versions: [] unaffected_versions: []
cve-2021-45046: cve-2021-45046:
investigated: false investigated: false
@ -88,8 +89,9 @@ software:
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
vendor_links: vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: GE verifying workaround. notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently
deploying the fixes in the production environment.
references: references:
- '' - ''
last_updated: '2021-12-22T00:00:00' last_updated: '2021-12-22T00:00:00'
@ -102,8 +104,9 @@ software:
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
cve-2021-44228: cve-2021-44228:
investigated: false investigated: true
affected_versions: [] affected_versions:
- ''
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
cve-2021-45046: cve-2021-45046:
@ -117,9 +120,8 @@ software:
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
vendor_links: vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: Vulnerability to be fixed by vendor provided workaround. No user actions notes: GE Gas Power is still validating the workaround provided by FoxGuard in Technical Information Notice M1221-S01.
necessary. Contact GE for details.
references: references:
- '' - ''
last_updated: '2021-12-22T00:00:00' last_updated: '2021-12-22T00:00:00'
@ -132,9 +134,10 @@ software:
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
cve-2021-44228: cve-2021-44228:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions:
- ''
unaffected_versions: [] unaffected_versions: []
cve-2021-45046: cve-2021-45046:
investigated: false investigated: false
@ -147,11 +150,12 @@ software:
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
vendor_links: vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: Vulnerability to be fixed by vendor provided workaround. No user actions notes: GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x).
necessary. Contact GE for details The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not
been reviewed by CISA.
references: references:
- '' - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)'
last_updated: '2021-12-22T00:00:00' last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power - vendor: GE Gas Power
product: Control Server product: Control Server
@ -162,8 +166,9 @@ software:
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
cve-2021-44228: cve-2021-44228:
investigated: false investigated: true
affected_versions: [] affected_versions:
- ''
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
cve-2021-45046: cve-2021-45046:
@ -177,9 +182,98 @@ software:
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
vendor_links: vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: The Control Server is Affected via vCenter. There is a fix for vCenter. notes: Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter.
Please see below. GE verifying the vCenter fix as proposed by the vendor. references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power
product: MyFleet
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power
product: OPM Performance Intelligence
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power
product: OPM Performance Planning
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16
references: references:
- '' - ''
last_updated: '2021-12-22T00:00:00' last_updated: '2021-12-22T00:00:00'
@ -192,9 +286,10 @@ software:
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
cve-2021-44228: cve-2021-44228:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions:
- ''
unaffected_versions: [] unaffected_versions: []
cve-2021-45046: cve-2021-45046:
investigated: false investigated: false
@ -207,11 +302,43 @@ software:
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
vendor_links: vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16
references: references:
- '' - ''
last_updated: '2021-12-22T00:00:00' last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power
product: vCenter
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: GE Gas Power has tested and validated the update provided by Vmware.
The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not
been reviewed by CISA.
references:
- '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)'
last_updated: '2021-12-22T00:00:00'
- vendor: GE Healthcare - vendor: GE Healthcare
product: '' product: ''
cves: cves:
@ -4759,7 +4886,7 @@ software:
- '' - ''
last_updated: '2021-12-21T00:00:00' last_updated: '2021-12-21T00:00:00'
- vendor: Gradle - vendor: Gradle
product: Gradle product: All
cves: cves:
cve-2021-4104: cve-2021-4104:
investigated: false investigated: false
@ -4767,10 +4894,11 @@ software:
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
cve-2021-44228: cve-2021-44228:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- ''
cve-2021-45046: cve-2021-45046:
investigated: false investigated: false
affected_versions: [] affected_versions: []
@ -4797,9 +4925,9 @@ software:
unaffected_versions: [] unaffected_versions: []
cve-2021-44228: cve-2021-44228:
investigated: true investigated: true
affected_versions: affected_versions: []
- < 2021.3.6 fixed_versions:
fixed_versions: [] - '< 2021.3.6'
unaffected_versions: [] unaffected_versions: []
cve-2021-45046: cve-2021-45046:
investigated: false investigated: false
@ -4827,9 +4955,9 @@ software:
unaffected_versions: [] unaffected_versions: []
cve-2021-44228: cve-2021-44228:
investigated: true investigated: true
affected_versions: affected_versions: []
- < 10.1 fixed_versions:
fixed_versions: [] - '< 10.1'
unaffected_versions: [] unaffected_versions: []
cve-2021-45046: cve-2021-45046:
investigated: false investigated: false
@ -4857,9 +4985,9 @@ software:
unaffected_versions: [] unaffected_versions: []
cve-2021-44228: cve-2021-44228:
investigated: true investigated: true
affected_versions: affected_versions: []
- < 1.6.2 fixed_versions:
fixed_versions: [] - '< 1.6.2'
unaffected_versions: [] unaffected_versions: []
cve-2021-45046: cve-2021-45046:
investigated: false investigated: false
@ -4878,7 +5006,7 @@ software:
- '' - ''
last_updated: '2022-01-12T07:18:50+00:00' last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Grafana - vendor: Grafana
product: '' product: All
cves: cves:
cve-2021-4104: cve-2021-4104:
investigated: false investigated: false
@ -4886,10 +5014,11 @@ software:
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
cve-2021-44228: cve-2021-44228:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- ''
cve-2021-45046: cve-2021-45046:
investigated: false investigated: false
affected_versions: [] affected_versions: []