diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 0c198bc..6a90bbf 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md 
@@ -231,10 +231,10 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Beijer Electronics | WARP Engineering Studio | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Bender | | | | Unknown | [link](https://www.bender.de/en/cert) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Best Practical Request Tracker (RT) and Request Tracker for Incident Response (RTIR) | | | | Unknown | [link](https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BeyondTrust Bomgar | | | | Unknown | [link](https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | BeyondTrust | Privilege Management Cloud | | Unknown | Fixed | [link](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | BeyondTrust | Privilege Management Reporting in BeyondInsight | | 21.2 | Fixed | [link](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | BeyondTrust | Secure Remote Access appliances | | | Not Affected | [link](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| BeyondTrust Bomgar | | | | Unknown | [link](https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | BioMerieux | | | | 
Unknown | [link](https://www.biomerieux.com/en/cybersecurity-data-privacy) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | BisectHosting | | | | Unknown | [link](https://www.bisecthosting.com/clients/index.php?rp=/knowledgebase/205/Java-Log4j-Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | BitDefender | | | | Unknown | [link](https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 
@@ -949,8 +949,8 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Elastic | Kibana | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Elastic | Logstash | <6.8.21, <7.16.1 | | Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Elastic | Machine Learning | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| ElasticSearch | all products | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Elastic | Swiftype | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| ElasticSearch | all products | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Ellucian | Admin | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Ellucian | Banner Analytics | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Ellucian | Banner Document Management (includes Banner Document Retention) | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | 
@@ -1180,6 +1180,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | GoAnywhere | MFT | < 6.8.6 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | | GoAnywhere | MFT Agents | < 1.6.5 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | | GoCD | | | | Unknown | [link](https://www.gocd.org/2021/12/14/log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Google | Chrome | | | Not Affected | [link](https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html) | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-14 | | Google Cloud | Access Transparency | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Google Cloud | Actifio | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) for the full statement and to obtain the hotfix (available to Actifio customers only). 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Google Cloud | AI Platform Data Labeling | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | 
@@ -1309,14 +1310,12 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Google Cloud | Virtual Private Cloud | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Google Cloud | Web Security Scanner | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Google Cloud | Workflows | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google | Chrome | | | Not Affected | [link](https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html) | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-14 | | Gradle | Gradle | | | Unknown | [link](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gradle | Gradle Enterprise | < 2021.3.6 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gradle | Gradle Enterprise Build Cache Node | < 10.1 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gradle | Gradle Enterprise Test Distribution Agent | < 1.6.2 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Grafana | | | | Unknown | [link](https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Grandstream | | | | Unknown | [link](https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gravitee.io | | | | Unknown | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Alert Engine | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 
@@ -1324,6 +1323,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Gravitee | API Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | API Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Cockpit | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gravitee.io | | | | Unknown | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravwell | | | | Unknown | [link](https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Graylog | Graylog Server | All versions >= 1.2.0 and <= 4.2.2 | | Affected | [link](https://www.graylog.org/post/graylog-update-for-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | GreenShot | | | | Unknown | [link](https://greenshot.atlassian.net/browse/BUG-2871) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 
@@ -1396,7 +1396,11 @@ NOTE: This file is automatically generated. To submit updates, please refer to | HOLOGIC | Unifi Workspace | | | Unknown | [link](https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity) | While the Hologic software itself does not utilize Java/Log4J, the installed APC PowerChute UPS with Business Edition v9.5 software installed may. APC is still assessing its PowerChute software to determine if it is vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | HOLOGIC | Windows Selenia Mammography System | | | Unknown | [link](https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Honeywell | | | | Unknown | [link](https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| HPE/Micro Focus | Data Protector | | 9.09 | Fixed | [link](https://portal.microfocus.com/s/article/KM000003243) | | [https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| HP | Teradici Cloud Access Controller | | < v113 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| HP | Teradici EMSDK | | < 1.0.6 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| HP | Teradici Management Console | | < 21.10.3 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| HP | Teradici PCoIP Connection Manager | | < 21.03.6, < 20.07.4 | Fixed | 
[link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| HP | Teradici PCoIP License Server | | | Unknown | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | HPE | 3PAR StoreServ Arrays | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | AirWave Management Platform | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | Alletra 6000 | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 
@@ -1526,11 +1530,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | HPE | Superdome Flex 280 | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | Superdome Flex Server | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | UAN (User Access Node) | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | -| HP | Teradici Cloud Access Controller | | < v113 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| HP | Teradici EMSDK | | < 1.0.6 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| HP | Teradici Management Console | | < 21.10.3 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| HP | Teradici PCoIP Connection Manager | | < 21.03.6, < 20.07.4 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| HP | Teradici PCoIP License Server | | | Unknown | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| HPE/Micro Focus | Data Protector | | 9.09 | Fixed | 
[link](https://portal.microfocus.com/s/article/KM000003243) | | [https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Huawei | | | | Unknown | [link](https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Hubspot | | | | Unknown | [link](https://community.hubspot.com/t5/APIs-Integrations/Log4J-day-zero-exploit-CVE-2021-44228/td-p/541949) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | I-Net software | | | | Unknown | [link](https://faq.inetsoftware.de/t/statement-about-cve-2021-44228-log4j-vulnerability-concerning-i-net-software-products/269/3) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 
@@ -2019,6 +2019,8 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Lyrasis | Fedora Repository | | | Not Affected | [link](https://groups.google.com/g/fedora-tech/c/dQMQ5jaX8Xo) | Fedora Repository is unaffiliated with Fedora Linux. Uses logback and explicitly excludes log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | MailStore | | | | Unknown | [link](https://www.mailstore.com/en/blog/mailstore-affected-by-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Maltego | | | | Unknown | [link](https://www.maltego.com/blog/our-response-to-log4j-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ManageEngine | AD SelfService Plus | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-27 | +| ManageEngine | Servicedesk Plus | 11305 and below | | Affected | [link](https://www.manageengine.com/products/service-desk/security-response-plan.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | ManageEngine Zoho | | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ManageEngine Zoho | ADAudit Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | ManageEngine Zoho | ADManager Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | 
@@ -2032,8 +2034,6 @@ NOTE: This file is automatically generated. To submit updates, please refer to | ManageEngine Zoho | M365 Manager Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | ManageEngine Zoho | M365 Security Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | ManageEngine Zoho | RecoveryManager Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine | AD SelfService Plus | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-27 | -| ManageEngine | Servicedesk Plus | 11305 and below | | Affected | [link](https://www.manageengine.com/products/service-desk/security-response-plan.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | MariaDB | | | | Unknown | [link](https://mariadb.com/resources/blog/log4shell-and-mariadb-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | MathWorks | All MathWorks general release desktop or server products | | | Not Affected | [link](https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | | MathWorks | MATLAB | | | Not Affected | 
[link](https://www.mathworks.com/content/dam/mathworks/policies/mathworks-response-to-cve-2021-44228-log4j-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | 
@@ -2319,6 +2319,8 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Shibboleth | All Products | | | Not Affected | [link](https://shibboleth.net/pipermail/announce/2021-December/000253.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-10 | | Shopify | | | | Unknown | [link](https://community.shopify.com/c/technical-q-a/is-shopify-affected-by-the-log4j-vulnerability/td-p/1417625) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Siebel | | | | Unknown | [link](https://www.siebelhub.com/main/2021/12/log4j-vulnerability-cve-2021-44228-and-siebel-crm.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | | Siemens Energy | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Siemens Energy | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Siemens Energy | Affected Products | | | Unknown | 
[link](https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | 
@@ -2356,8 +2358,6 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Siemens Healthineers | syngo.via WebViewer VA13B / VA20A / VA20B | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: remove the vulnerable class from the .jar file | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Siemens Healthineers | X.Ceed Somaris 10 VA40* | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Siemens Healthineers | X.Cite Somaris 10 VA30*/VA40* | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | | Sierra Wireless | | | | Unknown | [link](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Sierra Wireless | AirVantage and Octave cloud platforms | | | Unknown | [link](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs) | These systems do not operate with the specific non-standard configuration required for CVE-2021-25046 and hence were not vulnerable to it. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | | Sierra Wireless | AM/AMM servers | | | Unknown | [link](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | 
@@ -2458,8 +2458,8 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Splunk | Splunk UBA OVA Software | 5.0.3a, 5.0.0 | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-30 | | Splunk | Splunk VMWare OVA for ITSI [App ID 4760](https://splunkbase.splunk.com/app/4760/) | 1.1.1 and older | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-30 | | Sprecher Automation | | | | Unknown | [link](https://www.sprecher-automation.com/en/it-security/security-alerts) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Spring Boot | | | | Unknown | [link](https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Spring | Spring Boot | | | Unknown | [link](https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot) | Spring Boot users are only affected by this vulnerability if they have switched the default logging system to Log4J2 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Spring Boot | | | | Unknown | [link](https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | StarDog | | | | Unknown | [link](https://community.stardog.com/t/stardog-7-8-1-available/3411) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | STERIS | Advantage | | | Unknown | [link](https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | STERIS | Advantage Plus | | | 
Unknown | [link](https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 7633387..972d02e 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -6307,8 +6307,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BeyondTrust Bomgar - product: '' + - vendor: BeyondTrust + product: Privilege Management Cloud cves: cve-2021-4104: investigated: false @@ -6316,9 +6316,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Unknown unaffected_versions: [] cve-2021-45046: investigated: false @@ -6331,13 +6332,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-17T00:00:00' - vendor: BeyondTrust - product: Privilege Management Cloud + product: Privilege Management Reporting in BeyondInsight cves: cve-2021-4104: investigated: false @@ -6348,7 +6349,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '21.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -6367,7 +6368,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: BeyondTrust - product: Privilege Management Reporting in BeyondInsight + product: Secure Remote Access appliances cves: cve-2021-4104: investigated: false 
@@ -6377,9 +6378,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '21.2' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -6396,8 +6397,8 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust - product: Secure Remote Access appliances + - vendor: BeyondTrust Bomgar + product: '' cves: cve-2021-4104: investigated: false @@ -6405,11 +6406,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -6421,11 +6421,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: BioMerieux product: '' cves: @@ -27524,8 +27524,8 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: ElasticSearch - product: all products + - vendor: Elastic + product: Swiftype cves: cve-2021-4104: investigated: false @@ -27547,13 +27547,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Elastic - product: Swiftype + last_updated: '2021-12-15T00:00:00' + - vendor: ElasticSearch + product: all products cves: cve-2021-4104: investigated: false 
@@ -27575,12 +27576,11 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:52+00:00' - vendor: Ellucian product: Admin cves: @@ -34284,6 +34284,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:52+00:00' + - vendor: Google + product: Chrome + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html + notes: Chrome Browser releases, infrastructure and admin console are not using + versions of Log4j affected by the vulnerability. + references: + - '' + last_updated: '2022-01-14' - vendor: Google Cloud product: Access Transparency cves: 
@@ -38229,36 +38259,6 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google - product: Chrome - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html - notes: Chrome Browser releases, infrastructure and admin console are not using - versions of Log4j affected by the vulnerability. - references: - - '' - last_updated: '2022-01-14' - vendor: Gradle product: Gradle cves: @@ -38436,8 +38436,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Gravitee.io - product: '' + - vendor: Gravitee + product: Access Management cves: cve-2021-4104: investigated: false @@ -38445,10 +38445,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -38478,7 +38479,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -38496,7 +38497,7 @@ software: - '' last_updated: '2022-01-12T07:18:53+00:00' - vendor: Gravitee - product: Access Management + product: Alert Engine cves: cve-2021-4104: investigated: false @@ -38508,7 +38509,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - 1.5.x cve-2021-45046: investigated: false affected_versions: [] 
@@ -38538,7 +38539,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.5.x + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -38556,7 +38557,7 @@ software: - '' last_updated: '2022-01-12T07:18:53+00:00' - vendor: Gravitee - product: Alert Engine + product: API Management cves: cve-2021-4104: investigated: false @@ -38568,7 +38569,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.4.x + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -38598,7 +38599,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -38616,7 +38617,7 @@ software: - '' last_updated: '2022-01-12T07:18:53+00:00' - vendor: Gravitee - product: API Management + product: Cockpit cves: cve-2021-4104: investigated: false @@ -38628,7 +38629,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -38645,8 +38646,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Gravitee - product: Cockpit + - vendor: Gravitee.io + product: '' cves: cve-2021-4104: investigated: false @@ -38654,11 +38655,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 1.4.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40824,8 +40824,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HPE/Micro Focus - product: Data Protector + - vendor: HP + product: Teradici Cloud Access Controller cves: cve-2021-4104: investigated: false 
@@ -40836,7 +40836,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '9.09' + - < v113 unaffected_versions: [] cve-2021-45046: investigated: false @@ -40849,13 +40849,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.microfocus.com/s/article/KM000003243 + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 notes: '' references: - - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + - '' last_updated: '2021-12-17T00:00:00' - - vendor: HPE - product: 3PAR StoreServ Arrays + - vendor: HP + product: Teradici EMSDK cves: cve-2021-4104: investigated: false @@ -40863,9 +40863,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 1.0.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -40878,13 +40879,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: AirWave Management Platform + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici Management Console cves: cve-2021-4104: investigated: false 
@@ -40892,10 +40893,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 21.10.3 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici PCoIP Connection Manager + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 21.03.6 + - < 20.07.4 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40907,13 +40940,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Alletra 6000 + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici PCoIP License Server cves: cve-2021-4104: investigated: false 
@@ -40936,13 +40969,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-17T00:00:00' - vendor: HPE - product: Alletra 9k + product: 3PAR StoreServ Arrays cves: cve-2021-4104: investigated: false @@ -40971,7 +41004,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba Central + product: AirWave Management Platform cves: cve-2021-4104: investigated: false @@ -41000,7 +41033,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba ClearPass Policy Manager + product: Alletra 6000 cves: cve-2021-4104: investigated: false @@ -41029,7 +41062,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba ClearPass Policy Manager + product: Alletra 9k cves: cve-2021-4104: investigated: false @@ -41058,7 +41091,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba Instant (IAP) + product: Aruba Central cves: cve-2021-4104: investigated: false @@ -41087,7 +41120,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba Location Services + product: Aruba ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -41116,7 +41149,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba NetEdit + product: Aruba ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -41145,7 +41178,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba PVOS Switches + product: Aruba Instant (IAP) cves: cve-2021-4104: investigated: false 
@@ -41174,7 +41207,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba SDN VAN Controller + product: Aruba Location Services cves: cve-2021-4104: investigated: false @@ -41203,7 +41236,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba User Experience Insight (UXI) + product: Aruba NetEdit cves: cve-2021-4104: investigated: false @@ -41232,7 +41265,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba VIA Client + product: Aruba PVOS Switches cves: cve-2021-4104: investigated: false @@ -41261,7 +41294,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: ArubaOS SD-WAN Controllers and Gateways + product: Aruba SDN VAN Controller cves: cve-2021-4104: investigated: false @@ -41290,7 +41323,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: ArubaOS Wi-Fi Controllers and Gateways + product: Aruba User Experience Insight (UXI) cves: cve-2021-4104: investigated: false 
@@ -41319,7 +41352,94 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: ArubaOS-CX switches + product: Aruba VIA Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: ArubaOS SD-WAN Controllers and Gateways + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: ArubaOS Wi-Fi Controllers and Gateways + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + 
investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: ArubaOS-CX switches cves: cve-2021-4104: investigated: false 
@@ -44597,98 +44717,8 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' - - vendor: HP - product: Teradici Cloud Access Controller - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - < v113 - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici EMSDK - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - < 1.0.6 - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici Management Console - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - < 21.10.3 - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - 
https://support.hp.com/us-en/document/ish_5268006-5268030-16 - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici PCoIP Connection Manager + - vendor: HPE/Micro Focus + product: Data Protector cves: cve-2021-4104: investigated: false @@ -44699,37 +44729,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 21.03.6 - - < 20.07.4 - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici PCoIP License Server - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] + - '9.09' unaffected_versions: [] cve-2021-45046: investigated: false @@ -44742,10 +44742,10 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://portal.microfocus.com/s/article/KM000003243 notes: '' references: - - '' + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' last_updated: '2021-12-17T00:00:00' - vendor: Huawei product: '' @@ -59063,8 +59063,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: ManageEngine Zoho - product: '' + - vendor: ManageEngine + product: AD SelfService Plus cves: cve-2021-4104: investigated: false 
@@ -59072,10 +59072,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Build 6.1 build 6114 cve-2021-45046: investigated: false affected_versions: [] @@ -59086,14 +59087,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: ManageEngine Zoho - product: ADAudit Plus + last_updated: '2021-12-27T00:00:00' + - vendor: ManageEngine + product: Servicedesk Plus cves: cve-2021-4104: investigated: false @@ -59101,8 +59101,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 11305 and below fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59116,13 +59117,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://www.manageengine.com/products/service-desk/security-response-plan.html notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' + last_updated: '2021-12-15T00:00:00' - vendor: ManageEngine Zoho - product: ADManager Plus + product: '' cves: cve-2021-4104: investigated: false 
@@ -59145,13 +59146,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' + last_updated: '2022-01-12T07:18:54+00:00' - vendor: ManageEngine Zoho - product: Analytics Plus + product: ADAudit Plus cves: cve-2021-4104: investigated: false @@ -59180,7 +59181,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: Cloud Security Plus + product: ADManager Plus cves: cve-2021-4104: investigated: false @@ -59209,7 +59210,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: DataSecurity Plus + product: Analytics Plus cves: cve-2021-4104: investigated: false @@ -59238,7 +59239,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: EventLog Analyzer + product: Cloud Security Plus cves: cve-2021-4104: investigated: false @@ -59267,7 +59268,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: Exchange Reporter Plus + product: DataSecurity Plus cves: cve-2021-4104: investigated: false @@ -59296,7 +59297,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: Log360 + product: EventLog Analyzer cves: cve-2021-4104: investigated: false @@ -59325,7 +59326,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: Log360 UEBA + product: Exchange Reporter Plus cves: cve-2021-4104: investigated: false @@ -59354,7 +59355,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: M365 Manager Plus + product: Log360 cves: cve-2021-4104: investigated: false 
@@ -59383,7 +59384,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: M365 Security Plus + product: Log360 UEBA cves: cve-2021-4104: investigated: false @@ -59412,7 +59413,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: RecoveryManager Plus + product: M365 Manager Plus cves: cve-2021-4104: investigated: false @@ -59440,8 +59441,8 @@ software: references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine - product: AD SelfService Plus + - vendor: ManageEngine Zoho + product: M365 Security Plus cves: cve-2021-4104: investigated: false @@ -59449,11 +59450,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Build 6.1 build 6114 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59464,13 +59464,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2021-12-27T00:00:00' - - vendor: ManageEngine - product: Servicedesk Plus + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: RecoveryManager Plus cves: cve-2021-4104: investigated: false @@ -59478,9 +59479,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 11305 and below + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -59494,11 +59494,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.manageengine.com/products/service-desk/security-response-plan.html + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2021-12-16T00:00:00' - vendor: MariaDB product: '' cves: 
@@ -67919,6 +67919,66 @@ software: references: - '' last_updated: '2022-01-12T07:18:55+00:00' + - vendor: Siemens + product: Affected Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens + product: Affected Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' + references: + - '' + last_updated: '2021-12-19T00:00:00' - vendor: Siemens Energy product: Affected Products cves: 
@@ -69037,66 +69097,6 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens - product: Affected Products - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens - product: Affected Products - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' - references: - - '' - last_updated: '2021-12-19T00:00:00' - vendor: Sierra Wireless product: '' cves: @@ -72077,8 +72077,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Spring Boot - product: '' + - vendor: Spring + product: Spring Boot cves: cve-2021-4104: investigated: false 
@@ -72102,12 +72102,13 @@ software: unaffected_versions: [] vendor_links: - https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot - notes: '' + notes: Spring Boot users are only affected by this vulnerability if they have + switched the default logging system to Log4J2 references: - '' last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Spring - product: Spring Boot + - vendor: Spring Boot + product: '' cves: cve-2021-4104: investigated: false @@ -72131,8 +72132,7 @@ software: unaffected_versions: [] vendor_links: - https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot - notes: Spring Boot users are only affected by this vulnerability if they have - switched the default logging system to Log4J2 + notes: '' references: - '' last_updated: '2022-01-12T07:18:55+00:00' diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 03f5dd2..f569214 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -475,8 +475,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFAS Software - product: '' + - vendor: Advanced Systems Concepts (formally Jscape) + product: Active MFT cves: cve-2021-4104: investigated: false @@ -499,13 +499,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.afas.nl/vraagantwoord/NL/SE/120439.htm - notes: '' + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANsuite + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT cves: cve-2021-4104: investigated: false 
@@ -513,11 +514,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -529,13 +529,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx - notes: '' + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANServer + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT Gateway cves: cve-2021-4104: investigated: false @@ -543,11 +544,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -559,13 +559,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx - notes: '' + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANcart + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT Server cves: cve-2021-4104: investigated: false 
@@ -573,11 +574,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -589,13 +589,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx - notes: '' + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANweb + last_updated: '2021-12-14T00:00:00' + - vendor: AFAS Software + product: '' cves: cve-2021-4104: investigated: false @@ -603,11 +604,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -619,13 +619,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://help.afas.nl/vraagantwoord/NL/SE/120439.htm notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC - product: AFHCANmobile + product: AFHCANcart cves: cve-2021-4104: investigated: false @@ -655,7 +655,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC - product: AFHCANupdate + product: AFHCANmobile cves: cve-2021-4104: investigated: false @@ -684,8 +684,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Agilysys - product: '' + - vendor: AFHCAN Global LLC + product: AFHCANServer cves: cve-2021-4104: investigated: false 
@@ -693,10 +693,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -708,13 +709,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f + - https://afhcan.org/support.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: Active MFT + - vendor: AFHCAN Global LLC + product: AFHCANsuite cves: cve-2021-4104: investigated: false @@ -722,10 +723,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -737,14 +739,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://afhcan.org/support.aspx + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANupdate cves: cve-2021-4104: investigated: false @@ -752,10 +753,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] 
@@ -767,14 +769,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://afhcan.org/support.aspx + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANweb cves: cve-2021-4104: investigated: false @@ -782,10 +783,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -797,14 +799,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://afhcan.org/support.aspx + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Agilysys + product: '' cves: cve-2021-4104: investigated: false @@ -827,12 +828,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Akamai product: SIEM Splunk Connector cves: 
@@ -1192,7 +1192,7 @@ software: - '' last_updated: '2021-12-23T00:00:00' - vendor: Amazon - product: AWS Lambda + product: AWS DynamoDB cves: cve-2021-4104: investigated: false @@ -1201,9 +1201,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Unknown - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1216,13 +1216,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-17T00:00:00' - vendor: Amazon - product: AWS DynamoDB + product: AWS EKS, ECS, Fargate cves: cve-2021-4104: investigated: false @@ -1231,9 +1231,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: + affected_versions: - Unknown + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1247,10 +1247,16 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + notes: To help mitigate the impact of the open-source Apache “Log4j2" utility + (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, + Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). + This hot-patch will require customer opt-in to use, and disables JNDI lookups + from the Log4J2 library in customers’ containers. These updates are available + as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes + users on AWS, and will be in supported AWS Fargate platform versions references: - '' - last_updated: '2021-12-17T00:00:00' + last_updated: '2021-12-16T00:00:00' - vendor: Amazon product: AWS ElastiCache cves: 
@@ -1282,7 +1288,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Amazon - product: AWS Inspector + product: AWS ELB cves: cve-2021-4104: investigated: false @@ -1310,9 +1316,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' + last_updated: '2021-12-16T00:00:00' - vendor: Amazon - product: AWS RDS + product: AWS Inspector cves: cve-2021-4104: investigated: false @@ -1337,13 +1343,12 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified - in CVE-2021-44228 + notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Amazon - product: AWS S3 + product: AWS Kinesis Data Stream cves: cve-2021-4104: investigated: false @@ -1352,9 +1357,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: + affected_versions: - Unknown + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1368,12 +1373,16 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + notes: We are actively patching all sub-systems that use Log4j2 by applying updates. + The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library + (KPL) are not impacted. For customers using KCL 1.x, we have released an updated + version and we strongly recommend that all KCL version 1.x customers upgrade + to KCL version 1.14.5 (or higher) references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Amazon - product: AWS SNS + product: AWS Lambda cves: cve-2021-4104: investigated: false @@ -1382,9 +1391,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: + affected_versions: - Unknown + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -1397,15 +1406,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon SNS systems that serve customer traffic are patched against the - Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate - separately from SNS’s systems that serve customer traffic + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS SQS + product: AWS Lambda cves: cve-2021-4104: investigated: false @@ -1414,9 +1421,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: + affected_versions: - Unknown + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1429,13 +1436,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS EKS, ECS, Fargate + product: AWS RDS cves: cve-2021-4104: investigated: false @@ -1444,9 +1451,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Unknown - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -1460,18 +1467,13 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: To help mitigate the impact of the open-source Apache “Log4j2" utility - (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, - Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). - This hot-patch will require customer opt-in to use, and disables JNDI lookups - from the Log4J2 library in customers’ containers. These updates are available - as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes - users on AWS, and will be in supported AWS Fargate platform versions + notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified + in CVE-2021-44228 references: - '' - last_updated: '2021-12-16T00:00:00' + last_updated: '2021-12-17T00:00:00' - vendor: Amazon - product: AWS ELB + product: AWS S3 cves: cve-2021-4104: investigated: false @@ -1499,9 +1501,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: Amazon - product: AWS Kinesis Data Stream + product: AWS SNS cves: cve-2021-4104: investigated: false @@ -1510,9 +1512,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Unknown - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -1526,16 +1528,14 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: We are actively patching all sub-systems that use Log4j2 by applying updates. - The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library - (KPL) are not impacted. For customers using KCL 1.x, we have released an updated - version and we strongly recommend that all KCL version 1.x customers upgrade - to KCL version 1.14.5 (or higher) + notes: Amazon SNS systems that serve customer traffic are patched against the + Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate + separately from SNS’s systems that serve customer traffic references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Amazon - product: AWS Lambda + product: AWS SQS cves: cve-2021-4104: investigated: false @@ -1544,9 +1544,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Unknown - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1559,11 +1559,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: Amazon product: CloudFront cves: @@ -2045,7 +2045,7 @@ software: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: Camel Quarkus + product: Camel 2 cves: cve-2021-4104: investigated: false @@ -2074,7 +2074,7 @@ software: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: Camel K + product: Camel JBang cves: cve-2021-4104: investigated: false 
@@ -2082,8 +2082,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <=3.1.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2103,7 +2104,7 @@ software: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: CamelKafka Connector + product: Camel K cves: cve-2021-4104: investigated: false @@ -2162,7 +2163,7 @@ software: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: Camel JBang + product: Camel Quarkus cves: cve-2021-4104: investigated: false @@ -2170,9 +2171,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <=3.1.4 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2192,7 +2192,7 @@ software: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: Camel 2 + product: CamelKafka Connector cves: cve-2021-4104: investigated: false @@ -2480,8 +2480,8 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Apereo - product: CAS + - vendor: APC by Schneider Electric + product: Powerchute Business Edition cves: cve-2021-4104: investigated: false 
@@ -2490,10 +2490,47 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.3.x & 6.4.x + affected_versions: [] + fixed_versions: + - v9.5 + - v10.0.1 + - v10.0.2 + - v10.0.3 + - v10.0.4 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 + notes: Mitigation instructions to remove the affected class. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: APC by Schneider Electric + product: Powerchute Network Shutdown + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '4.2' + - '4.3' + - '4.4' + - 4.4.1 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2505,13 +2542,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://apereo.github.io/2021/12/11/log4j-vuln/ - notes: '' + - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 + notes: Mitigation instructions to remove the affected class. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: Apereo - product: Opencast + product: CAS cves: cve-2021-4104: investigated: false @@ -2521,8 +2558,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 9.10 - - < 10.6 + - 6.3.x & 6.4.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -2536,13 +2572,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8 + - https://apereo.github.io/2021/12/11/log4j-vuln/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Application Performance Ltd - product: DBMarlin + - vendor: Apereo + product: Opencast cves: cve-2021-4104: investigated: false @@ -2550,9 +2586,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: - - Not Affected + - < 9.10 + - < 10.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2565,11 +2602,12 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apigee product: '' cves: @@ -2755,7 +2793,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - Not Affected fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2768,14 +2807,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428 + vendor_links: [] notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: APPSHEET - product: '' + - vendor: Application Performance Ltd + product: DBMarlin cves: cve-2021-4104: investigated: false 
@@ -2798,13 +2836,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 + - https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Aptible - product: Aptible + last_updated: '2021-12-15T00:00:00' + - vendor: APPSHEET + product: '' cves: cve-2021-4104: investigated: false @@ -2812,9 +2850,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - ElasticSearch 5.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2828,13 +2865,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 + - https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: APC by Schneider Electric - product: Powerchute Business Edition + - vendor: Aptible + product: Aptible cves: cve-2021-4104: investigated: false 
@@ -2843,47 +2880,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - v9.5 - - v10.0.1 - - v10.0.2 - - v10.0.3 - - v10.0.4 - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 - notes: Mitigation instructions to remove the affected class. - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: APC by Schneider Electric - product: Powerchute Network Shutdown - cves: - cve-2021-4104: - investigated: false - affected_versions: [] + affected_versions: + - ElasticSearch 5.x fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '4.2' - - '4.3' - - '4.4' - - 4.4.1 - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2895,11 +2895,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 - notes: Mitigation instructions to remove the affected class. + - https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aqua Security product: '' cves: @@ -3718,7 +3718,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] 
@@ -3731,7 +3731,9 @@ software: unaffected_versions: [] vendor_links: - https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen - notes: The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise solutions. + notes: The security vulnerability does NOT affect our applications and products + or pose any threat. This applies to all Bachmann applications and products, + including atvise solutions. references: - '' last_updated: '2022-01-17T00:00:00' @@ -4081,6 +4083,38 @@ software: references: - '' last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Avaya Aura® Device Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 8.0.1 + - 8.0.2 + - 8.1.3 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Aura® Media Server cves: 
@@ -4816,38 +4850,6 @@ software: references: - '' last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Aura® Device Services - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 8.0.1 - - 8.0.2 - - 8.1.3 - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' - references: - - '' - last_updated: '2021-12-14T00:00:00' - vendor: AVEPOINT product: '' cves: diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 5a00349..96dd688 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -33,7 +33,7 @@ software: references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: Baxter + - vendor: BackBox product: '' cves: cve-2021-4104: @@ -57,12 +57,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.baxter.com/sites/g/files/ebysai746/files/2021-12/Apache_Log4j_Vulnerability.pdf + - https://updates.backbox.com/V6.5/Docs/CVE-2021-44228.pdf notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BackBox + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Balbix product: '' cves: cve-2021-4104: @@ -86,12 +86,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://updates.backbox.com/V6.5/Docs/CVE-2021-44228.pdf + - https://www.balbix.com/blog/broad-exposure-to-log4shell-cve-2021-44228-highlights-how-the-attack-surface-has-exploded/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Balbix + - vendor: Baramundi Products product: '' cves: cve-2021-4104: 
@@ -115,12 +115,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.balbix.com/blog/broad-exposure-to-log4shell-cve-2021-44228-highlights-how-the-attack-surface-has-exploded/ + - https://forum.baramundi.com/index.php?threads/baramundi-produkte-von-log4shell-schwachstelle-in-log4j-nicht-betroffen.12539/#post-62875 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Baramundi Products + - vendor: Barco product: '' cves: cve-2021-4104: @@ -144,12 +144,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.baramundi.com/index.php?threads/baramundi-produkte-von-log4shell-schwachstelle-in-log4j-nicht-betroffen.12539/#post-62875 + - https://www.barco.com/en/support/knowledge-base/kb12495 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Barco + - vendor: Barracuda product: '' cves: cve-2021-4104: @@ -173,12 +173,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.barco.com/en/support/knowledge-base/kb12495 + - https://www.barracuda.com/company/legal/trust-center notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Barracuda + - vendor: Baxter product: '' cves: cve-2021-4104: @@ -202,13 +202,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.barracuda.com/company/legal/trust-center + - https://www.baxter.com/sites/g/files/ebysai746/files/2021-12/Apache_Log4j_Vulnerability.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-20T00:00:00' - vendor: BBraun - product: Outlook® Safety Infusion System Pump family + product: APEX® Compounder cves: cve-2021-4104: investigated: false 
@@ -237,8 +237,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BBraun - product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® - Space® Infusion + product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software cves: cve-2021-4104: investigated: false @@ -267,7 +266,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BBraun - product: Pump, SpaceStation, and Space® Wireless Battery) + product: Outlook® Safety Infusion System Pump family cves: cve-2021-4104: investigated: false @@ -296,7 +295,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BBraun - product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software + product: Pinnacle® Compounder cves: cve-2021-4104: investigated: false @@ -325,7 +324,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BBraun - product: Pinnacle® Compounder + product: Pump, SpaceStation, and Space® Wireless Battery) cves: cve-2021-4104: investigated: false @@ -354,7 +353,8 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BBraun - product: APEX® Compounder + product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® + Space® Infusion cves: cve-2021-4104: investigated: false @@ -615,7 +615,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD Knowledge Portal for Infusion Technologies + product: BD Knowledge Portal for BD Pyxis™ Supply cves: cve-2021-4104: investigated: false @@ -644,7 +644,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD Knowledge Portal for Medication Technologies + product: BD Knowledge Portal for Infusion Technologies cves: cve-2021-4104: investigated: false @@ -673,7 +673,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD Knowledge Portal for BD Pyxis™ Supply + product: BD Knowledge Portal for Medication Technologies cves: cve-2021-4104: investigated: false 
@@ -1049,7 +1049,7 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: BioMerieux + - vendor: Bender product: '' cves: cve-2021-4104: @@ -1073,12 +1073,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.biomerieux.com/en/cybersecurity-data-privacy + - https://www.bender.de/en/cert notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Bender + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Best Practical Request Tracker (RT) and Request Tracker for Incident Response + (RTIR) product: '' cves: cve-2021-4104: @@ -1102,14 +1103,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bender.de/en/cert + - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Best Practical Request Tracker (RT) and Request Tracker for Incident Response - (RTIR) - product: '' + - vendor: BeyondTrust + product: Privilege Management Cloud cves: cve-2021-4104: investigated: false @@ -1117,9 +1117,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Unknown unaffected_versions: [] cve-2021-45046: investigated: false @@ -1132,13 +1133,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-17T00:00:00' - vendor: BeyondTrust - product: Privilege Management Cloud + product: Privilege Management Reporting in BeyondInsight cves: cve-2021-4104: investigated: false 
@@ -1149,7 +1150,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '21.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1168,7 +1169,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: BeyondTrust - product: Privilege Management Reporting in BeyondInsight + product: Secure Remote Access appliances cves: cve-2021-4104: investigated: false @@ -1178,9 +1179,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '21.2' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -1197,8 +1198,8 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust - product: Secure Remote Access appliances + - vendor: BeyondTrust Bomgar + product: '' cves: cve-2021-4104: investigated: false @@ -1206,11 +1207,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1222,12 +1222,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust Bomgar + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BioMerieux product: '' cves: cve-2021-4104: 
@@ -1251,11 +1251,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 + - https://www.biomerieux.com/en/cybersecurity-data-privacy notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-22T00:00:00' - vendor: BisectHosting product: '' cves: @@ -2590,7 +2590,7 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Boston Scientific + - vendor: Bosch product: '' cves: cve-2021-4104: @@ -2614,12 +2614,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bostonscientific.com/content/dam/bostonscientific/corporate/product-security/bsc_statement_on_apache_log4j-v1.pdf + - https://bosch-iot-suite.com/news/apache-log4j-rce-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Bosch + last_updated: '2021-12-22T00:00:00' + - vendor: Boston Scientific product: '' cves: cve-2021-4104: @@ -2643,11 +2643,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://bosch-iot-suite.com/news/apache-log4j-rce-vulnerability/ + - https://www.bostonscientific.com/content/dam/bostonscientific/corporate/product-security/bsc_statement_on_apache_log4j-v1.pdf notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2021-12-20T00:00:00' - vendor: Box product: '' cves: diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index 648dacb..60b11b6 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -121,7 +121,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: CT Medical Imaging Products + product: Alphenix (Angio Workstation) cves: cve-2021-4104: investigated: false 
@@ -150,7 +150,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: MR Medical Imaging Products + product: CT Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -179,7 +179,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: UL Medical Imaging Products + product: Infinix-i (Angio Workstation) cves: cve-2021-4104: investigated: false @@ -208,7 +208,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: XR Medical Imaging Products + product: MR Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -266,7 +266,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: Vitrea Advanced 7.x + product: UL Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -295,7 +295,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: Infinix-i (Angio Workstation) + product: Vitrea Advanced 7.x cves: cve-2021-4104: investigated: false @@ -324,7 +324,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: Alphenix (Angio Workstation) + product: XR Medical Imaging Products cves: cve-2021-4104: investigated: false 
@@ -997,65 +997,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco Common Services Platform Collector - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Network Services Orchestrator (NSO) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco System Architecture Evolution Gateway (SAEGW) + product: Cisco ACI Multi-Site Orchestrator cves: cve-2021-4104: investigated: false @@ -1084,7 +1026,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco ACI Multi-Site Orchestrator + product: Cisco ACI Virtual Edge cves: cve-2021-4104: investigated: false 
@@ -1113,7 +1055,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco ACI Virtual Edge + product: Cisco Adaptive Security Appliance (ASA) Software cves: cve-2021-4104: investigated: false @@ -1142,7 +1084,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco Adaptive Security Appliance (ASA) Software + product: Cisco Advanced Web Security Reporting Application cves: cve-2021-4104: investigated: false @@ -1171,7 +1113,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco Advanced Web Security Reporting Application + product: Cisco AMP Virtual Private Cloud Appliance cves: cve-2021-4104: investigated: false @@ -1200,7 +1142,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco AMP Virtual Private Cloud Appliance + product: Cisco AnyConnect Secure Mobility Client cves: cve-2021-4104: investigated: false @@ -1229,7 +1171,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco AnyConnect Secure Mobility Client + product: Cisco Application Policy Infrastructure Controller (APIC) cves: cve-2021-4104: investigated: false @@ -1258,7 +1200,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco Application Policy Infrastructure Controller (APIC) + product: Cisco ASR 5000 Series Routers cves: cve-2021-4104: investigated: false @@ -1287,7 +1229,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco ASR 5000 Series Routers + product: Cisco Broadcloud Calling cves: cve-2021-4104: investigated: false @@ -1316,7 +1258,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco Broadcloud Calling + product: Cisco BroadWorks cves: cve-2021-4104: investigated: false 
@@ -1345,7 +1287,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco BroadWorks + product: Cisco Catalyst 9800 Series Wireless Controllers cves: cve-2021-4104: investigated: false @@ -1374,7 +1316,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco Catalyst 9800 Series Wireless Controllers + product: Cisco CloudCenter Suite Admin cves: cve-2021-4104: investigated: false @@ -1403,7 +1345,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco CloudCenter Suite Admin + product: Cisco CloudCenter Workload Manager cves: cve-2021-4104: investigated: false @@ -1432,7 +1374,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco CloudCenter Workload Manager + product: Cisco Cognitive Intelligence cves: cve-2021-4104: investigated: false @@ -1461,7 +1403,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco Cognitive Intelligence + product: Cisco Common Services Platform Collector cves: cve-2021-4104: investigated: false @@ -1866,34 +1808,6 @@ software: references: - '' last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: DUO network gateway (on-prem/self-hosted) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: [] - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco product: Cisco Elastic Services Controller (ESC) cves: 
@@ -2736,6 +2650,35 @@ software: references: - '' last_updated: '2022-01-12T07:18:51+00:00' + - vendor: Cisco + product: Cisco Network Services Orchestrator (NSO) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco product: Cisco Nexus 5500 Platform Switches cves: @@ -3028,7 +2971,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco Paging Server (InformaCast) + product: Cisco Paging Server cves: cve-2021-4104: investigated: false @@ -3057,7 +3000,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco Paging Server + product: Cisco Paging Server (InformaCast) cves: cve-2021-4104: investigated: false 
@@ -3665,6 +3608,35 @@ software: references: - '' last_updated: '2022-01-12T07:18:51+00:00' + - vendor: Cisco + product: Cisco System Architecture Evolution Gateway (SAEGW) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco product: Cisco TelePresence Management Suite cves: @@ -3956,7 +3928,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco Unified Contact Center Enterprise - Live Data server + product: Cisco Unified Contact Center Enterprise cves: cve-2021-4104: investigated: false @@ -3985,7 +3957,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco Unified Contact Center Enterprise + product: Cisco Unified Contact Center Enterprise - Live Data server cves: cve-2021-4104: investigated: false 
@@ -4419,6 +4391,34 @@ software: references: - '' last_updated: '2022-01-12T07:18:51+00:00' + - vendor: Cisco + product: DUO network gateway (on-prem/self-hosted) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco product: duo network gateway (on-prem/self-hosted) cves: @@ -4811,7 +4811,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: ShareFile Storage Zones Controller + product: Citrix Virtual Apps and Desktops (XenApp & XenDesktop) cves: cve-2021-4104: investigated: false 
@@ -4835,16 +4835,19 @@ software: unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: + Customers are advised to apply the latest update as soon as possible to reduce + the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). + See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for + additional mitigations. For CVE-2021-45105: Investigation has shown that Linux + VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, + released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: + Linux VDA LTSR all versions; All other CVAD components.' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix Virtual Apps and Desktops (XenApp & XenDesktop) + product: Citrix Workspace App cves: cve-2021-4104: investigated: false @@ -4852,10 +4855,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: investigated: false affected_versions: [] 
@@ -4868,19 +4872,16 @@ software: unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: - Customers are advised to apply the latest update as soon as possible to reduce - the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). - See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for - additional mitigations. For CVE-2021-45105: Investigation has shown that Linux - VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, - released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: - Linux VDA LTSR all versions; All other CVAD components.' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix Workspace App + product: ShareFile Storage Zones Controller cves: cve-2021-4104: investigated: false @@ -4888,11 +4889,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -6163,7 +6163,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cloudera - product: Workload XM (SaaS) + product: Workload XM cves: cve-2021-4104: investigated: false 
@@ -6171,8 +6171,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6192,7 +6193,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cloudera - product: Workload XM + product: Workload XM (SaaS) cves: cve-2021-4104: investigated: false @@ -6200,9 +6201,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6663,7 +6663,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent Platform + product: Confluent ElasticSearch Sink Connector cves: cve-2021-4104: investigated: false @@ -6673,7 +6673,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <7.0.1 + - <11.1.7 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6723,7 +6723,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent Kafka Connectors + product: Confluent Google DataProc Sink Connector cves: cve-2021-4104: investigated: false @@ -6732,10 +6732,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <1.1.5 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -6753,7 +6753,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent ElasticSearch Sink Connector + product: Confluent HDFS 2 Sink Connector cves: cve-2021-4104: investigated: false @@ -6763,7 +6763,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <11.1.7 + - <10.1.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -6783,7 +6783,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent Google DataProc Sink Connector + product: Confluent HDFS 3 Sink Connector cves: cve-2021-4104: investigated: false @@ -6793,7 +6793,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <1.1.5 + - <1.1.8 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6813,7 +6813,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent Splunk Sink Connector + product: Confluent Kafka Connectors cves: cve-2021-4104: investigated: false @@ -6822,10 +6822,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <2.05 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6843,7 +6843,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent HDFS 2 Sink Connector + product: Confluent Platform cves: cve-2021-4104: investigated: false @@ -6853,7 +6853,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <10.1.3 + - <7.0.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6873,7 +6873,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent HDFS 3 Sink Connector + product: Confluent Splunk Sink Connector cves: cve-2021-4104: investigated: false @@ -6883,7 +6883,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <1.1.8 + - <2.05 fixed_versions: [] unaffected_versions: [] cve-2021-45046: diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 1fefa45..1a63d55 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -34,7 +34,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: Daktronics - product: Data Vision Software (DVS) + product: Dakronics Media Player cves: cve-2021-4104: investigated: false 
@@ -42,10 +42,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - DMP (any series) cve-2021-45046: investigated: false affected_versions: [] @@ -58,8 +59,7 @@ software: unaffected_versions: [] vendor_links: - https://www.daktronics.com/en-us/support/kb/000025337 - notes: DVS has one microservice that uses Log4j, but it uses a version that is - not impacted. + notes: '' references: - '' last_updated: '2022-01-06T00:00:00' @@ -95,7 +95,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: Daktronics - product: Dakronics Media Player + product: Data Vision Software (DVS) cves: cve-2021-4104: investigated: false @@ -103,11 +103,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - DMP (any series) + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -120,7 +119,8 @@ software: unaffected_versions: [] vendor_links: - https://www.daktronics.com/en-us/support/kb/000025337 - notes: '' + notes: DVS has one microservice that uses Log4j, but it uses a version that is + not impacted. references: - '' last_updated: '2022-01-06T00:00:00' @@ -882,7 +882,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Dell - product: Alienware Command Center + product: '"Dell EMC PowerMax VMAX VMAX3 and VMAX AFA"' cves: cve-2021-4104: investigated: false @@ -912,7 +912,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Alienware OC Controls + product: '"Dell EMC PowerSwitch Z9264F-ON BMC Dell EMC PowerSwitch Z9432F-ON BMC"' cves: cve-2021-4104: investigated: false 
@@ -942,7 +942,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Alienware On Screen Display + product: Alienware Command Center cves: cve-2021-4104: investigated: false @@ -972,7 +972,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Alienware Update + product: Alienware OC Controls cves: cve-2021-4104: investigated: false @@ -1002,7 +1002,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Atmos + product: Alienware On Screen Display cves: cve-2021-4104: investigated: false @@ -1032,7 +1032,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Azure Stack HCI + product: Alienware Update cves: cve-2021-4104: investigated: false @@ -1062,7 +1062,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CalMAN Powered Calibration Firmware + product: APEX Console cves: cve-2021-4104: investigated: false @@ -1072,9 +1072,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1087,12 +1087,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Cloud environment patched references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CalMAN Ready for Dell + product: APEX Data Storage Services cves: cve-2021-4104: investigated: false @@ -1100,11 +1100,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -1117,12 +1116,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Cloud environment patch in progress references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Centera + product: Atmos cves: cve-2021-4104: investigated: false @@ -1152,7 +1151,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Chameleon Linux Based Diagnostics + product: Azure Stack HCI cves: cve-2021-4104: investigated: false @@ -1182,7 +1181,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Chassis Management Controller (CMC) + product: CalMAN Powered Calibration Firmware cves: cve-2021-4104: investigated: false @@ -1212,7 +1211,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: China HDD Deluxe + product: CalMAN Ready for Dell cves: cve-2021-4104: investigated: false @@ -1242,7 +1241,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Cloud Mobility for Dell EMC Storage + product: Centera cves: cve-2021-4104: investigated: false @@ -1272,7 +1271,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Cloud Tiering Appliance + product: Chameleon Linux Based Diagnostics cves: cve-2021-4104: investigated: false @@ -1302,7 +1301,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connectrix (Cisco MDS 9000 switches) + product: Chassis Management Controller (CMC) cves: cve-2021-4104: investigated: false @@ -1332,7 +1331,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connextrix B Series + product: China HDD Deluxe cves: cve-2021-4104: investigated: false 
@@ -1362,7 +1361,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CyberSecIQ Application + product: Cloud IQ cves: cve-2021-4104: investigated: false @@ -1370,11 +1369,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1387,12 +1385,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Cloud environment patched references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CyberSense for PowerProtect Cyber Recovery + product: Cloud Mobility for Dell EMC Storage cves: cve-2021-4104: investigated: false @@ -1422,7 +1420,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell BSAFE Crypto-C Micro Edition + product: Cloud Tiering Appliance cves: cve-2021-4104: investigated: false @@ -1452,7 +1450,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell BSAFE Crypto-J + product: Connectrix (Cisco MDS 9000 switches) cves: cve-2021-4104: investigated: false @@ -1482,7 +1480,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell BSAFE Micro Edition Suite + product: Connectrix (Cisco MDS DCNM) cves: cve-2021-4104: investigated: false @@ -1490,11 +1488,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -1507,12 +1504,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/23/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Calibration Assistant + product: Connectrix B-Series SANnav cves: cve-2021-4104: investigated: false @@ -1521,10 +1518,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.1.1 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1537,12 +1534,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 3/31/2022 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Cinema Color + product: Connextrix B Series cves: cve-2021-4104: investigated: false @@ -1572,7 +1569,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Cloud Command Repository Manager + product: CyberSecIQ Application cves: cve-2021-4104: investigated: false @@ -1602,7 +1599,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Cloud Management Agent + product: CyberSense for PowerProtect Cyber Recovery cves: cve-2021-4104: investigated: false @@ -1632,7 +1629,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Color Management + product: Data Domain OS cves: cve-2021-4104: investigated: false 
@@ -1641,10 +1638,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions between 7.3.0.5 and 7.7.0.6;Versions before 7.6.0.30 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1657,12 +1654,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-274 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Configure + product: Dell BSAFE Crypto-C Micro Edition cves: cve-2021-4104: investigated: false @@ -1692,7 +1689,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Integration Suite for System Center + product: Dell BSAFE Crypto-J cves: cve-2021-4104: investigated: false @@ -1722,7 +1719,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Intel vPro Out of Band + product: Dell BSAFE Micro Edition Suite cves: cve-2021-4104: investigated: false @@ -1752,7 +1749,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Monitor + product: Dell Calibration Assistant cves: cve-2021-4104: investigated: false @@ -1782,7 +1779,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Power Manager + product: Dell Cinema Color cves: cve-2021-4104: investigated: false @@ -1812,7 +1809,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command PowerShell Provider + product: Dell Cloud Command Repository Manager cves: cve-2021-4104: investigated: false 
@@ -1842,7 +1839,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Update + product: Dell Cloud Management Agent cves: cve-2021-4104: investigated: false @@ -1872,7 +1869,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Customer Connect + product: Dell Color Management cves: cve-2021-4104: investigated: false @@ -1902,7 +1899,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Guardian* + product: Dell Command Configure cves: cve-2021-4104: investigated: false @@ -1932,7 +1929,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Protection* + product: Dell Command Integration Suite for System Center cves: cve-2021-4104: investigated: false @@ -1962,7 +1959,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Recovery Environment + product: Dell Command Intel vPro Out of Band cves: cve-2021-4104: investigated: false @@ -1992,7 +1989,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Vault + product: Dell Command Monitor cves: cve-2021-4104: investigated: false @@ -2022,7 +2019,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Vault for Chrome OS + product: Dell Command Power Manager cves: cve-2021-4104: investigated: false @@ -2052,7 +2049,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Deployment Agent + product: Dell Command PowerShell Provider cves: cve-2021-4104: investigated: false @@ -2082,7 +2079,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Digital Delivery + product: Dell Command Update cves: cve-2021-4104: investigated: false 
@@ -2112,7 +2109,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Direct USB Key + product: Dell Customer Connect cves: cve-2021-4104: investigated: false @@ -2142,7 +2139,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Display Manager 1.5 for Windows / macOS + product: Dell Data Guardian* cves: cve-2021-4104: investigated: false @@ -2172,7 +2169,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Display Manager 2.0 for Windows / macOS + product: Dell Data Protection* cves: cve-2021-4104: investigated: false @@ -2202,7 +2199,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC AppSync + product: Dell Data Recovery Environment cves: cve-2021-4104: investigated: false @@ -2232,7 +2229,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Cloudboost + product: Dell Data Vault cves: cve-2021-4104: investigated: false @@ -2262,7 +2259,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC CloudLink + product: Dell Data Vault for Chrome OS cves: cve-2021-4104: investigated: false @@ -2292,7 +2289,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Container Storage Modules + product: Dell Deployment Agent cves: cve-2021-4104: investigated: false @@ -2322,7 +2319,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Data Computing Appliance (DCA) + product: Dell Digital Delivery cves: cve-2021-4104: investigated: false @@ -2352,7 +2349,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Data Protection Advisor + product: Dell Direct USB Key cves: cve-2021-4104: investigated: false 
@@ -2382,7 +2379,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC DataIQ + product: Dell Display Manager 1.5 for Windows / macOS cves: cve-2021-4104: investigated: false @@ -2412,7 +2409,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Disk Library for Mainframe + product: Dell Display Manager 2.0 for Windows / macOS cves: cve-2021-4104: investigated: false @@ -2442,7 +2439,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC GeoDrive + product: Dell EMC AppSync cves: cve-2021-4104: investigated: false @@ -2472,7 +2469,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Isilon InsightIQ + product: Dell EMC Avamar cves: cve-2021-4104: investigated: false @@ -2481,10 +2478,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"18.2 19.1 19.2 19.3 19.4"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2497,12 +2494,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC License Manager + product: Dell EMC BSN Controller Node cves: cve-2021-4104: investigated: false @@ -2510,11 +2507,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -2527,12 +2523,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-305 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Networking Onie + product: Dell EMC Cloud Disaster Recovery cves: cve-2021-4104: investigated: false @@ -2541,10 +2537,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - N/A + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2557,12 +2553,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Ansible Modules + product: Dell EMC Cloudboost cves: cve-2021-4104: investigated: false @@ -2592,7 +2588,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage integration for Splunk + product: Dell EMC CloudLink cves: cve-2021-4104: investigated: false @@ -2622,7 +2618,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Integration for VMware vCenter + product: Dell EMC Container Storage Modules cves: cve-2021-4104: investigated: false @@ -2652,7 +2648,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Management pack for vRealize Operations + product: Dell EMC Data Computing Appliance (DCA) cves: cve-2021-4104: investigated: false 
@@ -2682,8 +2678,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge - Manager + product: Dell EMC Data Protection Advisor cves: cve-2021-4104: investigated: false @@ -2713,7 +2708,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: '"Dell EMC PowerMax VMAX VMAX3 and VMAX AFA"' + product: Dell EMC Data Protection Central cves: cve-2021-4104: investigated: false @@ -2721,11 +2716,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2738,12 +2732,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021- 269 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerPath + product: Dell EMC Data Protection Search cves: cve-2021-4104: investigated: false @@ -2752,10 +2746,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions before 19.5.0.7 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2768,12 +2762,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-279 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerPath Management Appliance + product: Dell EMC DataIQ cves: cve-2021-4104: investigated: false 
@@ -2803,7 +2797,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect Cyber Recovery + product: Dell EMC Disk Library for Mainframe cves: cve-2021-4104: investigated: false @@ -2833,7 +2827,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerScale OneFS + product: Dell EMC ECS cves: cve-2021-4104: investigated: false @@ -2841,11 +2835,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2858,12 +2851,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/18/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for PowerMax + product: Dell EMC Enterprise Storage Analytics for vRealize Operations cves: cve-2021-4104: investigated: false @@ -2872,10 +2865,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"<6.0.0 6.1.0 6.2.x"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2888,12 +2881,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-278 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for Powerstore + product: Dell EMC GeoDrive cves: cve-2021-4104: investigated: false 
@@ -2923,7 +2916,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for Unity + product: Dell EMC Integrated System for Azure Stack HCI cves: cve-2021-4104: investigated: false @@ -2932,10 +2925,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - N/A + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2948,12 +2941,16 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: '"Dell EMC Integrated System for Azure Stack HCI is not impacted by this + advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect + Gateway (SCG) were optionally installed with Dell EMC Integrated System for + Azure Stack HCI monitor the following advisories. Apply workaround guidance + and remediations as they become [available:](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: '"Dell EMC PowerSwitch Z9264F-ON BMC Dell EMC PowerSwitch Z9432F-ON BMC"' + product: Dell EMC Integrated System for Microsoft Azure Stack Hub cves: cve-2021-4104: investigated: false @@ -2962,10 +2959,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - N/A + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -2978,12 +2975,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerVault ME4 Series Storage Arrays + product: Dell EMC Isilon InsightIQ cves: cve-2021-4104: investigated: false @@ -3013,7 +3010,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerVault MD3 Series Storage Arrays + product: Dell EMC License Manager cves: cve-2021-4104: investigated: false @@ -3043,7 +3040,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Repository Manager (DRM) + product: Dell EMC Metro Node cves: cve-2021-4104: investigated: false @@ -3052,10 +3049,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 7.0.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3068,12 +3065,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-308 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC SourceOne + product: Dell EMC NetWorker Server cves: cve-2021-4104: investigated: false @@ -3082,10 +3079,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"19.5.x 19.4.x 19.3.x"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -3098,12 +3095,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Systems Update (DSU) + product: Dell EMC NetWorker Virtual Edition cves: cve-2021-4104: investigated: false @@ -3112,10 +3109,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"19.5.x 19.4.x 19.3.x"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3128,12 +3125,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Unisphere 360 + product: Dell EMC Networking Onie cves: cve-2021-4104: investigated: false @@ -3163,7 +3160,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Virtual Storage Integrator + product: Dell EMC Networking Virtual Edge Platform with VersaOS cves: cve-2021-4104: investigated: false @@ -3172,10 +3169,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"with Versa Concerto with Versa Analytics with Versa Concero Director"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -3188,12 +3185,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-304 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC VPLEX + product: Dell EMC OpenManage Ansible Modules cves: cve-2021-4104: investigated: false @@ -3223,7 +3220,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC XtremIO + product: Dell EMC OpenManage integration for Splunk cves: cve-2021-4104: investigated: false @@ -3253,7 +3250,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Encryption Enterprise* + product: Dell EMC OpenManage Integration for VMware vCenter cves: cve-2021-4104: investigated: false @@ -3283,7 +3280,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Encryption Personal* + product: Dell EMC OpenManage Management pack for vRealize Operations cves: cve-2021-4104: investigated: false @@ -3313,7 +3310,8 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Endpoint Security Suite Enterprise* + product: Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge + Manager cves: cve-2021-4104: investigated: false @@ -3343,7 +3341,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Hybrid Client + product: Dell EMC PowerFlex Appliance cves: cve-2021-4104: investigated: false @@ -3352,10 +3350,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"All versions up to Intelligent Catalog 38_356_00_r10.zip All versions + up to Intelligent Catalog 38_362_00_r7.zip"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -3368,12 +3367,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell ImageAssist + product: Dell EMC PowerFlex Rack cves: cve-2021-4104: investigated: false @@ -3382,10 +3381,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - N/A + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3398,12 +3397,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Insights Client + product: Dell EMC PowerFlex Software (SDS) cves: cve-2021-4104: investigated: false @@ -3412,10 +3411,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"3.5 3.5.1 3.5.1.1 3.5.1.2 3.5.1.3 3.5.1.4 3.6 3.6.0.1 3.6.0.2"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3428,12 +3427,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Linux Assistant + product: Dell EMC PowerPath cves: cve-2021-4104: investigated: false 
@@ -3463,7 +3462,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Mobile Connect + product: Dell EMC PowerPath Management Appliance cves: cve-2021-4104: investigated: false @@ -3493,7 +3492,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Monitor ISP (Windows/Mac/Linux) + product: Dell EMC PowerProtect Cyber Recovery cves: cve-2021-4104: investigated: false @@ -3523,7 +3522,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Monitor SDK + product: Dell EMC PowerProtect Data Manager cves: cve-2021-4104: investigated: false @@ -3532,10 +3531,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions 19.9 and earlier fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3548,12 +3547,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Networking X-Series + product: Dell EMC PowerProtect DP Series Appliance (iDPA) cves: cve-2021-4104: investigated: false @@ -3562,10 +3561,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.7.0 and earlier fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -3578,12 +3577,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Manage Mobile + product: Dell EMC PowerScale OneFS cves: cve-2021-4104: investigated: false @@ -3613,7 +3612,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Manage Server Administrator + product: Dell EMC PowerShell for PowerMax cves: cve-2021-4104: investigated: false @@ -3643,7 +3642,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Change Management + product: Dell EMC PowerShell for Powerstore cves: cve-2021-4104: investigated: false @@ -3673,7 +3672,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Enterprise Power Manager Plugin + product: Dell EMC PowerShell for Unity cves: cve-2021-4104: investigated: false @@ -3703,7 +3702,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Optimizer + product: Dell EMC PowerStore cves: cve-2021-4104: investigated: false @@ -3711,11 +3710,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3728,12 +3726,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/23/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OS Recovery Tool + product: Dell EMC PowerVault MD3 Series Storage Arrays cves: cve-2021-4104: investigated: false 
@@ -3763,7 +3761,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Peripheral Manager 1.4 / 1.5 for Windows + product: Dell EMC PowerVault ME4 Series Storage Arrays cves: cve-2021-4104: investigated: false @@ -3793,7 +3791,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Platform Service + product: Dell EMC RecoverPoint Classic cves: cve-2021-4104: investigated: false @@ -3802,10 +3800,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All 5.1.x and later versions fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3818,12 +3816,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Power Manager + product: Dell EMC RecoverPoint for Virtual Machine cves: cve-2021-4104: investigated: false @@ -3832,10 +3830,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All 5.0.x and later versions fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3848,12 +3846,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Power Manager Lite + product: Dell EMC Repository Manager (DRM) cves: cve-2021-4104: investigated: false 
@@ -3883,7 +3881,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Precision Optimizer + product: Dell EMC Ruckus SmartZone 100 Controller cves: cve-2021-4104: investigated: false @@ -3891,11 +3889,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3908,12 +3905,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Precision Optimizer for Linux + product: Dell EMC Ruckus SmartZone 300 Controller cves: cve-2021-4104: investigated: false @@ -3921,11 +3918,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3938,12 +3934,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Premier Color + product: Dell EMC Ruckus Virtual Software cves: cve-2021-4104: investigated: false @@ -3951,11 +3947,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -3968,12 +3963,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Recovery (Linux) + product: Dell EMC SourceOne cves: cve-2021-4104: investigated: false @@ -4003,7 +3998,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Remediation Platform + product: Dell EMC SRM vApp cves: cve-2021-4104: investigated: false @@ -4012,10 +4007,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions before 4.6.0.2 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4028,12 +4023,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 1/25/2022 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Remote Execution Engine (DRONE) + product: Dell EMC Streaming Data Platform cves: cve-2021-4104: investigated: false @@ -4041,11 +4036,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -4058,12 +4052,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/18/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Security Advisory Update - DSA-2021-088 + product: Dell EMC Systems Update (DSU) cves: cve-2021-4104: investigated: false @@ -4093,7 +4087,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Security Management Server & Dell Security Management Server Virtual* + product: Dell EMC Unisphere 360 cves: cve-2021-4104: investigated: false @@ -4123,7 +4117,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell SupportAssist SOS + product: Dell EMC Unity cves: cve-2021-4104: investigated: false @@ -4131,11 +4125,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4148,12 +4141,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/29/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Thin OS + product: Dell EMC Virtual Storage Integrator cves: cve-2021-4104: investigated: false @@ -4183,7 +4176,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Threat Defense + product: Dell EMC VPLEX cves: cve-2021-4104: investigated: false @@ -4213,7 +4206,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell True Color + product: Dell EMC VxRail cves: cve-2021-4104: investigated: false 
@@ -4222,10 +4215,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"4.5.x 4.7.x 7.0.x"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4238,12 +4231,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Trusted Device + product: Dell EMC XtremIO cves: cve-2021-4104: investigated: false @@ -4273,7 +4266,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Update + product: Dell Encryption Enterprise* cves: cve-2021-4104: investigated: false @@ -4303,7 +4296,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dream Catcher + product: Dell Encryption Personal* cves: cve-2021-4104: investigated: false @@ -4333,7 +4326,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DUP Creation Service + product: Dell Endpoint Security Suite Enterprise* cves: cve-2021-4104: investigated: false @@ -4363,7 +4356,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DUP Framework (ISG) + product: Dell Hybrid Client cves: cve-2021-4104: investigated: false @@ -4393,7 +4386,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Embedded NAS + product: Dell ImageAssist cves: cve-2021-4104: investigated: false @@ -4423,7 +4416,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Embedded Service Enabler + product: Dell Insights Client cves: cve-2021-4104: investigated: false 
@@ -4453,7 +4446,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Equallogic PS + product: Dell Linux Assistant cves: cve-2021-4104: investigated: false @@ -4483,7 +4476,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Fluid FS + product: Dell Mobile Connect cves: cve-2021-4104: investigated: false @@ -4513,7 +4506,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: iDRAC Service Module (iSM) + product: Dell Monitor ISP (Windows/Mac/Linux) cves: cve-2021-4104: investigated: false @@ -4543,7 +4536,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Infinity MLK (firmware) + product: Dell Monitor SDK cves: cve-2021-4104: investigated: false @@ -4573,7 +4566,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Integrated Dell Remote Access Controller (iDRAC) + product: Dell Networking X-Series cves: cve-2021-4104: investigated: false @@ -4603,7 +4596,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ISG Accelerators + product: Dell Open Manage Mobile cves: cve-2021-4104: investigated: false @@ -4633,7 +4626,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ISG Board & Electrical + product: Dell Open Manage Server Administrator cves: cve-2021-4104: investigated: false @@ -4663,7 +4656,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: IsilonSD Management Server + product: Dell Open Management Enterprise - Modular cves: cve-2021-4104: investigated: false @@ -4672,10 +4665,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <1.40.10 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -4688,12 +4681,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-268 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: IVE-WinDiag + product: Dell OpenManage Change Management cves: cve-2021-4104: investigated: false @@ -4723,7 +4716,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Mainframe Enablers + product: Dell OpenManage Enterprise Power Manager Plugin cves: cve-2021-4104: investigated: false @@ -4753,7 +4746,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: My Dell + product: Dell Optimizer cves: cve-2021-4104: investigated: false @@ -4783,7 +4776,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: MyDell Mobile + product: Dell OS Recovery Tool cves: cve-2021-4104: investigated: false @@ -4813,7 +4806,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: NetWorker Management Console + product: Dell Peripheral Manager 1.4 / 1.5 for Windows cves: cve-2021-4104: investigated: false @@ -4843,7 +4836,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking BIOS + product: Dell Platform Service cves: cve-2021-4104: investigated: false @@ -4873,7 +4866,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking DIAG + product: Dell Power Manager cves: cve-2021-4104: investigated: false @@ -4903,7 +4896,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking N-Series + product: Dell Power Manager Lite cves: cve-2021-4104: investigated: false @@ -4933,7 +4926,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking OS 10 + product: Dell Precision Optimizer cves: cve-2021-4104: investigated: false 
@@ -4963,7 +4956,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking OS9 + product: Dell Precision Optimizer for Linux cves: cve-2021-4104: investigated: false @@ -4993,7 +4986,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking SD-WAN Edge SD-WAN + product: Dell Premier Color cves: cve-2021-4104: investigated: false @@ -5023,7 +5016,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking W-Series + product: Dell Recovery (Linux) cves: cve-2021-4104: investigated: false @@ -5053,7 +5046,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking X-Series + product: Dell Remediation Platform cves: cve-2021-4104: investigated: false @@ -5083,7 +5076,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OMIMSSC (OpenManage Integration for Microsoft System Center) + product: Dell Remote Execution Engine (DRONE) cves: cve-2021-4104: investigated: false @@ -5113,7 +5106,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OMNIA + product: Dell Security Advisory Update - DSA-2021-088 cves: cve-2021-4104: investigated: false @@ -5143,7 +5136,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Connections - Nagios + product: Dell Security Management Server & Dell Security Management Server Virtual* cves: cve-2021-4104: investigated: false @@ -5173,7 +5166,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Connections - ServiceNow + product: Dell SupportAssist SOS cves: cve-2021-4104: investigated: false @@ -5203,8 +5196,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Integration for Microsoft System Center for System Center - Operations Manager + product: Dell Thin OS cves: cve-2021-4104: investigated: false 
@@ -5234,7 +5226,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Integration with Microsoft Windows Admin Center + product: Dell Threat Defense cves: cve-2021-4104: investigated: false @@ -5264,7 +5256,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Network Integration + product: Dell True Color cves: cve-2021-4104: investigated: false @@ -5294,7 +5286,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect N3200 + product: Dell Trusted Device cves: cve-2021-4104: investigated: false @@ -5324,7 +5316,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect PC2800 + product: Dell Update cves: cve-2021-4104: investigated: false @@ -5354,7 +5346,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect PC8100 + product: DellEMC OpenManage Enterprise Services cves: cve-2021-4104: investigated: false @@ -5362,11 +5354,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5379,12 +5370,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerEdge BIOS + product: Dream Catcher cves: cve-2021-4104: investigated: false @@ -5414,7 +5405,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerEdge Operating Systems + product: DUP Creation Service cves: cve-2021-4104: investigated: false 
@@ -5444,7 +5435,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerTools Agent + product: DUP Framework (ISG) cves: cve-2021-4104: investigated: false @@ -5474,7 +5465,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PPDM Kubernetes cProxy + product: Embedded NAS cves: cve-2021-4104: investigated: false @@ -5504,7 +5495,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PPDM VMware vProxy + product: Embedded Service Enabler cves: cve-2021-4104: investigated: false @@ -5534,7 +5525,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Redtail + product: Enterprise Hybrid Cloud cves: cve-2021-4104: investigated: false @@ -5542,11 +5533,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5559,12 +5549,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: '[link](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Remotely Anywhere + product: Equallogic PS cves: cve-2021-4104: investigated: false @@ -5594,7 +5584,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Riptide (firmware) + product: Fluid FS cves: cve-2021-4104: investigated: false @@ -5624,7 +5614,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Rugged Control Center (RCC) + product: iDRAC Service Module (iSM) cves: cve-2021-4104: investigated: false 
@@ -5654,7 +5644,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SD ROM Utility + product: Infinity MLK (firmware) cves: cve-2021-4104: investigated: false @@ -5684,7 +5674,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SDNAS + product: Integrated Dell Remote Access Controller (iDRAC) cves: cve-2021-4104: investigated: false @@ -5714,7 +5704,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Server Storage + product: ISG Accelerators cves: cve-2021-4104: investigated: false @@ -5744,7 +5734,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Smart Fabric Storage Software + product: ISG Board & Electrical cves: cve-2021-4104: investigated: false @@ -5774,7 +5764,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SmartByte + product: IsilonSD Management Server cves: cve-2021-4104: investigated: false @@ -5804,7 +5794,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SMI-S + product: IVE-WinDiag cves: cve-2021-4104: investigated: false @@ -5834,7 +5824,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Software RAID + product: Mainframe Enablers cves: cve-2021-4104: investigated: false @@ -5864,7 +5854,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Solutions Enabler + product: My Dell cves: cve-2021-4104: investigated: false @@ -5894,7 +5884,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Solutions Enabler vApp + product: MyDell Mobile cves: cve-2021-4104: investigated: false @@ -5924,7 +5914,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Sonic + product: NetWorker Management Console cves: cve-2021-4104: investigated: false 
@@ -5954,7 +5944,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SRS VE + product: Networking BIOS cves: cve-2021-4104: investigated: false @@ -5984,7 +5974,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Storage Center OS and additional SC applications unless otherwise noted + product: Networking DIAG cves: cve-2021-4104: investigated: false @@ -6014,7 +6004,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SupportAssist Client Commercial + product: Networking N-Series cves: cve-2021-4104: investigated: false @@ -6044,7 +6034,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SupportAssist Client Consumer + product: Networking OS 10 cves: cve-2021-4104: investigated: false @@ -6074,7 +6064,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: UCC Edge + product: Networking OS9 cves: cve-2021-4104: investigated: false @@ -6104,7 +6094,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for PowerMax + product: Networking SD-WAN Edge SD-WAN cves: cve-2021-4104: investigated: false @@ -6134,7 +6124,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for PowerMax vApp + product: Networking W-Series cves: cve-2021-4104: investigated: false @@ -6164,7 +6154,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for VMAX + product: Networking X-Series cves: cve-2021-4104: investigated: false @@ -6194,7 +6184,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for VNX + product: OMIMSSC (OpenManage Integration for Microsoft System Center) cves: cve-2021-4104: investigated: false @@ -6224,7 +6214,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Update Manager Plugin + product: OMNIA cves: cve-2021-4104: investigated: false 
@@ -6254,7 +6244,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ViPR Controller + product: OpenManage Connections - Nagios cves: cve-2021-4104: investigated: false @@ -6284,7 +6274,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNX1 + product: OpenManage Connections - ServiceNow cves: cve-2021-4104: investigated: false @@ -6314,7 +6304,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNX2 + product: OpenManage Enterprise cves: cve-2021-4104: investigated: false @@ -6322,11 +6312,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -6339,12 +6328,13 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VPLEX VS2/VS6 / VPLEX Witness + product: OpenManage Integration for Microsoft System Center for System Center + Operations Manager cves: cve-2021-4104: investigated: false @@ -6374,7 +6364,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Vsan Ready Nodes + product: OpenManage Integration with Microsoft Windows Admin Center cves: cve-2021-4104: investigated: false @@ -6404,7 +6394,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Warnado MLK (firmware) + product: OpenManage Network Integration cves: cve-2021-4104: investigated: false @@ -6434,7 +6424,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Wyse Proprietary OS (ThinOS) + product: PowerConnect N3200 cves: cve-2021-4104: investigated: false 
@@ -6464,7 +6454,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Wyse Windows Embedded Suite + product: PowerConnect PC2800 cves: cve-2021-4104: investigated: false @@ -6494,7 +6484,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: APEX Console + product: PowerConnect PC8100 cves: cve-2021-4104: investigated: false @@ -6504,9 +6494,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - N/A - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -6519,12 +6509,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: APEX Data Storage Services + product: PowerEdge BIOS cves: cve-2021-4104: investigated: false @@ -6532,10 +6522,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6548,12 +6539,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patch in progress + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Cloud IQ + product: PowerEdge Operating Systems cves: cve-2021-4104: investigated: false 
@@ -6561,10 +6552,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6577,12 +6569,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connectrix (Cisco MDS DCNM) + product: PowerTools Agent cves: cve-2021-4104: investigated: false @@ -6590,10 +6582,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6606,12 +6599,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connectrix B-Series SANnav + product: PPDM Kubernetes cProxy cves: cve-2021-4104: investigated: false @@ -6620,10 +6613,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.1.1 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] 
@@ -6636,12 +6629,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 3/31/2022 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Data Domain OS + product: PPDM VMware vProxy cves: cve-2021-4104: investigated: false @@ -6650,10 +6643,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions between 7.3.0.5 and 7.7.0.6;Versions before 7.6.0.30 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6666,12 +6659,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-274 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Avamar + product: Redtail cves: cve-2021-4104: investigated: false @@ -6680,10 +6673,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"18.2 19.1 19.2 19.3 19.4"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6696,12 +6689,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC BSN Controller Node + product: Remotely Anywhere cves: cve-2021-4104: investigated: false 
@@ -6709,10 +6702,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6725,12 +6719,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-305 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Cloud Disaster Recovery + product: Riptide (firmware) cves: cve-2021-4104: investigated: false @@ -6739,39 +6733,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - N/A - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Data Protection Central - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] 
@@ -6784,12 +6749,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021- 269 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Data Protection Search + product: Rugged Control Center (RCC) cves: cve-2021-4104: investigated: false @@ -6798,10 +6763,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions before 19.5.0.7 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6814,12 +6779,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-279 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC ECS + product: SD ROM Utility cves: cve-2021-4104: investigated: false @@ -6827,10 +6792,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6843,12 +6809,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Enterprise Hybrid Cloud + product: SDNAS cves: cve-2021-4104: investigated: false 
@@ -6856,10 +6822,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6872,12 +6839,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '[link](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Enterprise Storage Analytics for vRealize Operations + product: Secure Connect Gateway (SCG) Appliance cves: cve-2021-4104: investigated: false @@ -6887,7 +6854,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"<6.0.0 6.1.0 6.2.x"' + - '"5.00.00 5.00.05 and 4.0.06 and earlier versions (OVF and VHD)"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6902,12 +6869,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-278 + notes: See DSA-2021-282 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Integrated System for Azure Stack HCI + product: Secure Connect Gateway (SCG) Policy Manager cves: cve-2021-4104: investigated: false @@ -6917,7 +6884,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - N/A + - '"5.00.00.10 5.00.05.10"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -6932,16 +6899,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Dell EMC Integrated System for Azure Stack HCI is not impacted by this - advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect - Gateway (SCG) were optionally installed with Dell EMC Integrated System for - Azure Stack HCI monitor the following advisories. Apply workaround guidance - and remediations as they become [available:](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + notes: See DSA-2021-281 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Integrated System for Microsoft Azure Stack Hub + product: Server Storage cves: cve-2021-4104: investigated: false @@ -6950,10 +6913,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - N/A + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6966,12 +6929,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC NetWorker Virtual Edition + product: Smart Fabric Storage Software cves: cve-2021-4104: investigated: false @@ -6980,10 +6943,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] 
@@ -6996,12 +6959,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC NetWorker Server + product: SmartByte cves: cve-2021-4104: investigated: false @@ -7010,10 +6973,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7026,12 +6989,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Networking Virtual Edge Platform with VersaOS + product: SMI-S cves: cve-2021-4104: investigated: false @@ -7040,10 +7003,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"with Versa Concerto with Versa Analytics with Versa Concero Director"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7056,12 +7019,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-304 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerFlex Appliance + product: Software RAID cves: cve-2021-4104: investigated: false 
@@ -7070,11 +7033,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"All versions up to Intelligent Catalog 38_356_00_r10.zip All versions - up to Intelligent Catalog 38_362_00_r7.zip"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7087,12 +7049,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerFlex Software (SDS) + product: Solutions Enabler cves: cve-2021-4104: investigated: false @@ -7101,10 +7063,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"3.5 3.5.1 3.5.1.1 3.5.1.2 3.5.1.3 3.5.1.4 3.6 3.6.0.1 3.6.0.2"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7117,12 +7079,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerFlex Rack + product: Solutions Enabler vApp cves: cve-2021-4104: investigated: false @@ -7131,10 +7093,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - N/A + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] 
@@ -7147,12 +7109,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect Data Manager + product: Sonic cves: cve-2021-4104: investigated: false @@ -7161,10 +7123,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All versions 19.9 and earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7177,12 +7139,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect DP Series Appliance (iDPA) + product: SRS Policy Manager cves: cve-2021-4104: investigated: false @@ -7192,7 +7154,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2.7.0 and earlier + - '7' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7212,7 +7174,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerStore + product: SRS VE cves: cve-2021-4104: investigated: false @@ -7220,10 +7182,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] 
@@ -7236,12 +7199,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC RecoverPoint for Virtual Machine + product: Storage Center - Dell Storage Manager cves: cve-2021-4104: investigated: false @@ -7249,9 +7212,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All 5.0.x and later versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7271,7 +7233,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC RecoverPoint Classic + product: Storage Center OS and additional SC applications unless otherwise noted cves: cve-2021-4104: investigated: false @@ -7280,10 +7242,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All 5.1.x and later versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7296,12 +7258,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC SRM vApp + product: SupportAssist Client Commercial cves: cve-2021-4104: investigated: false @@ -7310,10 +7272,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions before 4.6.0.2 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] 
@@ -7326,12 +7288,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/25/2022 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Streaming Data Platform + product: SupportAssist Client Consumer cves: cve-2021-4104: investigated: false @@ -7339,10 +7301,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7355,12 +7318,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Unity + product: SupportAssist Enterprise cves: cve-2021-4104: investigated: false @@ -7384,12 +7347,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/29/21 + notes: Patch expected by 12/23/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Metro Node + product: UCC Edge cves: cve-2021-4104: investigated: false @@ -7398,10 +7361,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 7.0.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] 
@@ -7414,12 +7377,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-308 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC VxRail + product: Unisphere Central cves: cve-2021-4104: investigated: false @@ -7427,9 +7390,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '"4.5.x 4.7.x 7.0.x"' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7444,12 +7406,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: Patch expected by 1/10/2022 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Management Enterprise - Modular + product: Unisphere for PowerMax cves: cve-2021-4104: investigated: false @@ -7458,10 +7420,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <1.40.10 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7474,12 +7436,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-268 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DellEMC OpenManage Enterprise Services + product: Unisphere for PowerMax vApp cves: cve-2021-4104: investigated: false 
@@ -7487,10 +7449,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7503,12 +7466,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Enterprise + product: Unisphere for VMAX cves: cve-2021-4104: investigated: false @@ -7516,10 +7479,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7532,12 +7496,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus SmartZone 300 Controller + product: Unisphere for VNX cves: cve-2021-4104: investigated: false @@ -7545,10 +7509,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] 
@@ -7561,12 +7526,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus SmartZone 100 Controller + product: Update Manager Plugin cves: cve-2021-4104: investigated: false @@ -7574,10 +7539,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7590,12 +7556,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus Virtual Software + product: Vblock cves: cve-2021-4104: investigated: false @@ -7619,12 +7585,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: Patch pending See vce6771 (requires customer login) references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Secure Connect Gateway (SCG) Appliance + product: ViPR Controller cves: cve-2021-4104: investigated: false @@ -7633,10 +7599,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"5.00.00 5.00.05 and 4.0.06 and earlier versions (OVF and VHD)"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] 
@@ -7649,12 +7615,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-282 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Secure Connect Gateway (SCG) Policy Manager + product: VMware vRealize Automation 8.x cves: cve-2021-4104: investigated: false @@ -7664,7 +7630,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"5.00.00.10 5.00.05.10"' + - '"8.2 8.3 8.4 8.5 and 8.6"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7679,12 +7645,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-281 + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SRS Policy Manager + product: VMware vRealize Orchestrator 8.x cves: cve-2021-4104: investigated: false @@ -7694,7 +7660,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '7' + - '"8.2 8.3 8.4 8.5 and 8.6"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7709,12 +7675,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Storage Center - Dell Storage Manager + product: VNX1 cves: cve-2021-4104: investigated: false @@ -7722,10 +7688,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] 
@@ -7738,12 +7705,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SupportAssist Enterprise + product: VNX2 cves: cve-2021-4104: investigated: false @@ -7751,10 +7718,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7767,12 +7735,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere Central + product: VNXe 1600 cves: cve-2021-4104: investigated: false @@ -7780,8 +7748,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Versions 3.1.16.10220572 and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7796,12 +7765,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/10/2022 + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Vblock + product: VNXe 3200 cves: cve-2021-4104: investigated: false 
@@ -7809,8 +7778,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Version 3.1.15.10216415 and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7825,12 +7795,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending See vce6771 (requires customer login) + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNXe 1600 + product: VPLEX VS2/VS6 / VPLEX Witness cves: cve-2021-4104: investigated: false @@ -7839,10 +7809,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions 3.1.16.10220572 and earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7855,12 +7825,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNXe 3200 + product: vRealize Data Protection Extension Data Management cves: cve-2021-4104: investigated: false @@ -7868,9 +7838,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Version 3.1.15.10216415 and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7890,7 +7859,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VxBlock + product: vRealize Data Protection Extension for vRealize Automation (vRA) 8.x cves: cve-2021-4104: investigated: false 
@@ -7898,8 +7867,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '"version 19.6 version 19.7 version 19.8 and version 19.9"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7914,7 +7884,7 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Patch pending See vce6771 (requires customer login) "' + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' @@ -8099,7 +8069,37 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRealize Data Protection Extension Data Management + product: Vsan Ready Nodes + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - N/A + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VxBlock cves: cve-2021-4104: investigated: false 
@@ -8123,12 +8123,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '"Patch pending See vce6771 (requires customer login) "' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRealize Data Protection Extension for vRealize Automation (vRA) 8.x + product: Warnado MLK (firmware) cves: cve-2021-4104: investigated: false @@ -8137,10 +8137,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"version 19.6 version 19.7 version 19.8 and version 19.9"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -8153,12 +8153,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VMware vRealize Automation 8.x + product: Wyse Management Suite cves: cve-2021-4104: investigated: false @@ -8168,7 +8168,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + - <3.5 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8183,12 +8183,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: See DSA-2021-267 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VMware vRealize Orchestrator 8.x + product: Wyse Proprietary OS (ThinOS) cves: cve-2021-4104: investigated: false 
@@ -8197,10 +8197,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -8213,12 +8213,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Wyse Management Suite + product: Wyse Windows Embedded Suite cves: cve-2021-4104: investigated: false @@ -8227,10 +8227,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <3.5 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -8243,7 +8243,7 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-267 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' @@ -8394,7 +8394,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: Digi International - product: CTEK G6200 family + product: AnywhereUSB Manager cves: cve-2021-4104: investigated: false @@ -8423,7 +8423,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: CTEK SkyCloud + product: ARMT cves: cve-2021-4104: investigated: false @@ -8452,7 +8452,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: CTEK Z45 family + product: Aview cves: cve-2021-4104: investigated: false 
@@ -8481,7 +8481,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi 54xx family + product: AVWOB cves: cve-2021-4104: investigated: false @@ -8510,7 +8510,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi 63xx family + product: CTEK G6200 family cves: cve-2021-4104: investigated: false @@ -8539,7 +8539,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi AnywhereUSB (G2) family + product: CTEK SkyCloud cves: cve-2021-4104: investigated: false @@ -8568,7 +8568,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi AnywhereUSB Plus family + product: CTEK Z45 family cves: cve-2021-4104: investigated: false @@ -8597,7 +8597,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect family + product: Digi 54xx family cves: cve-2021-4104: investigated: false @@ -8626,7 +8626,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect EZ family + product: Digi 63xx family cves: cve-2021-4104: investigated: false @@ -8655,7 +8655,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect IT family + product: Digi AnywhereUSB (G2) family cves: cve-2021-4104: investigated: false @@ -8684,7 +8684,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi ConnectPort family + product: Digi AnywhereUSB Plus family cves: cve-2021-4104: investigated: false @@ -8713,7 +8713,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi ConnectPort LTS family + product: Digi Connect EZ family cves: cve-2021-4104: investigated: false 
@@ -8742,7 +8742,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect Sensor family + product: Digi Connect family cves: cve-2021-4104: investigated: false @@ -8771,7 +8771,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect WS family + product: Digi Connect IT family cves: cve-2021-4104: investigated: false @@ -8800,7 +8800,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Embedded Android + product: Digi Connect Sensor family cves: cve-2021-4104: investigated: false @@ -8829,7 +8829,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Embedded Yocto + product: Digi Connect WS family cves: cve-2021-4104: investigated: false @@ -8858,7 +8858,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi EX routers + product: Digi ConnectPort family cves: cve-2021-4104: investigated: false @@ -8887,7 +8887,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi IX routers + product: Digi ConnectPort LTS family cves: cve-2021-4104: investigated: false @@ -8916,7 +8916,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi LR54 + product: Digi Embedded Android cves: cve-2021-4104: investigated: false @@ -8945,7 +8945,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi One family + product: Digi Embedded Yocto cves: cve-2021-4104: investigated: false @@ -8974,7 +8974,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Passport family + product: Digi EX routers cves: cve-2021-4104: investigated: false 
@@ -9003,7 +9003,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi PortServer TS family + product: Digi IX routers cves: cve-2021-4104: investigated: false @@ -9032,7 +9032,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi TX routers + product: Digi LR54 cves: cve-2021-4104: investigated: false @@ -9061,7 +9061,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR11 + product: Digi Navigator cves: cve-2021-4104: investigated: false @@ -9090,7 +9090,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR21 + product: Digi One family cves: cve-2021-4104: investigated: false @@ -9119,7 +9119,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR31 + product: Digi Passport family cves: cve-2021-4104: investigated: false @@ -9148,7 +9148,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR44R/RR + product: Digi PortServer TS family cves: cve-2021-4104: investigated: false @@ -9177,7 +9177,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR54 + product: Digi Remote Manager cves: cve-2021-4104: investigated: false @@ -9206,7 +9206,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR64 + product: Digi TX routers cves: cve-2021-4104: investigated: false @@ -9235,7 +9235,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: AnywhereUSB Manager + product: Digi WR11 cves: cve-2021-4104: investigated: false @@ -9264,7 +9264,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Aview + product: Digi WR21 cves: cve-2021-4104: investigated: false 
@@ -9293,7 +9293,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: ARMT + product: Digi WR31 cves: cve-2021-4104: investigated: false @@ -9322,7 +9322,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: AVWOB + product: Digi WR44R/RR cves: cve-2021-4104: investigated: false @@ -9351,7 +9351,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Navigator + product: Digi WR54 cves: cve-2021-4104: investigated: false @@ -9380,7 +9380,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Remote Manager + product: Digi WR64 cves: cve-2021-4104: investigated: false @@ -9758,7 +9758,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: Dynatrace - product: Managed cluster nodes + product: ActiveGate cves: cve-2021-4104: investigated: false @@ -9782,12 +9782,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: Please see Dynatrace Communication for details + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: SAAS + product: Dynatrace Extensions cves: cve-2021-4104: investigated: false @@ -9811,7 +9811,7 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: '' + notes: Please see Dynatrace Communication for details references: - '' last_updated: '2021-12-21T00:00:00' @@ -9845,7 +9845,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: Synthetic public locations + product: Managed cluster nodes cves: cve-2021-4104: investigated: false 
@@ -9869,12 +9869,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: '' + notes: Please see Dynatrace Communication for details references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: Synthetic Private ActiveGate + product: OneAgent cves: cve-2021-4104: investigated: false @@ -9898,12 +9898,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: Please see Dynatrace Communication for details + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: ActiveGate + product: SAAS cves: cve-2021-4104: investigated: false @@ -9932,7 +9932,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: OneAgent + product: Synthetic Private ActiveGate cves: cve-2021-4104: investigated: false @@ -9956,12 +9956,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: '' + notes: Please see Dynatrace Communication for details references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: Dynatrace Extensions + product: Synthetic public locations cves: cve-2021-4104: investigated: false @@ -9985,7 +9985,7 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: Please see Dynatrace Communication for details + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' diff --git a/data/cisagov_E.yml b/data/cisagov_E.yml index abf2a20..8643da5 100644 --- a/data/cisagov_E.yml +++ b/data/cisagov_E.yml @@ -356,7 +356,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Cloud Enterprise + product: Elastic Cloud cves: cve-2021-4104: investigated: false 
@@ -414,7 +414,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Cloud on Kubernetes + product: Elastic Cloud Enterprise cves: cve-2021-4104: investigated: false @@ -443,7 +443,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Cloud + product: Elastic Cloud on Kubernetes cves: cve-2021-4104: investigated: false @@ -795,7 +795,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: Ellucian - product: Banner Analytics + product: Admin cves: cve-2021-4104: investigated: false @@ -824,7 +824,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Colleague + product: Banner Analytics cves: cve-2021-4104: investigated: false @@ -848,12 +848,12 @@ software: unaffected_versions: [] vendor_links: - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: On-prem and cloud deployements expect fixed 12/18/2021 + notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Admin + product: Banner Document Management (includes Banner Document Retention) cves: cve-2021-4104: investigated: false @@ -882,7 +882,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Enterprise Identity Services(BEIS) + product: Banner Event Publisher cves: cve-2021-4104: investigated: false @@ -969,7 +969,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Banner Workflow + product: Banner Self Service cves: cve-2021-4104: investigated: false @@ -998,7 +998,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Banner Document Management (includes Banner Document Retention) + product: Banner Workflow cves: cve-2021-4104: investigated: false 
@@ -1027,7 +1027,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Advance Web Connector + product: Colleague cves: cve-2021-4104: investigated: false @@ -1051,12 +1051,12 @@ software: unaffected_versions: [] vendor_links: - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: '' + notes: On-prem and cloud deployements expect fixed 12/18/2021 references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian eTranscripts + product: Colleague Analytics cves: cve-2021-4104: investigated: false @@ -1085,7 +1085,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Mobile + product: CRM Advance cves: cve-2021-4104: investigated: false @@ -1114,7 +1114,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Solution Manager + product: CRM Advise cves: cve-2021-4104: investigated: false @@ -1143,7 +1143,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Banner Event Publisher + product: CRM Recruit cves: cve-2021-4104: investigated: false @@ -1172,7 +1172,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Banner Self Service + product: Ellucian Advance Web Connector cves: cve-2021-4104: investigated: false @@ -1201,7 +1201,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Colleague Analytics + product: Ellucian Data Access cves: cve-2021-4104: investigated: false @@ -1230,7 +1230,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: CRM Advance + product: Ellucian Design Path cves: cve-2021-4104: investigated: false @@ -1259,7 +1259,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: CRM Advise + product: Ellucian Ellucian Portal cves: cve-2021-4104: investigated: false 
@@ -1288,7 +1288,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: CRM Recruit + product: Ellucian ePrint cves: cve-2021-4104: investigated: false @@ -1317,7 +1317,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Data Access + product: Ellucian Ethos API & API Management Center cves: cve-2021-4104: investigated: false @@ -1346,7 +1346,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Design Path + product: Ellucian Ethos Extend cves: cve-2021-4104: investigated: false @@ -1375,7 +1375,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian ePrint + product: Ellucian Ethos Integration cves: cve-2021-4104: investigated: false @@ -1404,7 +1404,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ethos API & API Management Center + product: Ellucian eTranscripts cves: cve-2021-4104: investigated: false @@ -1433,7 +1433,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ethos Extend + product: Ellucian Experience cves: cve-2021-4104: investigated: false @@ -1462,7 +1462,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ethos Integration + product: Ellucian Intelligent Platform (ILP) cves: cve-2021-4104: investigated: false @@ -1491,7 +1491,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Experience + product: Ellucian International Student and Scholar Management (ISSM) cves: cve-2021-4104: investigated: false @@ -1520,7 +1520,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Intelligent Platform (ILP) + product: Ellucian Message Service (EMS) cves: cve-2021-4104: investigated: false 
@@ -1549,7 +1549,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian International Student and Scholar Management (ISSM) + product: Ellucian Messaging Adapter (EMA) cves: cve-2021-4104: investigated: false @@ -1578,7 +1578,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Message Service (EMS) + product: Ellucian Mobile cves: cve-2021-4104: investigated: false @@ -1607,7 +1607,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Messaging Adapter (EMA) + product: Ellucian Payment Gateway cves: cve-2021-4104: investigated: false @@ -1636,7 +1636,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Payment Gateway + product: Ellucian PowerCampus cves: cve-2021-4104: investigated: false @@ -1665,7 +1665,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ellucian Portal + product: Ellucian Solution Manager cves: cve-2021-4104: investigated: false @@ -1723,7 +1723,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian PowerCampus + product: Enterprise Identity Services(BEIS) cves: cve-2021-4104: investigated: false @@ -1752,7 +1752,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: K-Series Coriolis Transmitters + product: 148 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -1781,7 +1781,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Configuration Software + product: 2051 Pressure Transmitter Family cves: cve-2021-4104: investigated: false @@ -1810,7 +1810,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Mobile Application & ProcessViz Software + product: 2088 Pressure Transmitter Family cves: cve-2021-4104: investigated: false 
@@ -1839,7 +1839,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4732 Endeavor + product: 2090F/2090P Pressure Transmitters cves: cve-2021-4104: investigated: false @@ -1868,7 +1868,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Vortex and Magmeter Transmitters + product: 215 Pressure Sensor Module cves: cve-2021-4104: investigated: false @@ -1897,7 +1897,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: USM 3410 and 3810 Series Ultrasonic Transmitters + product: 248 Configuration Application cves: cve-2021-4104: investigated: false @@ -1926,7 +1926,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Mark III Gas and Liquid USM + product: 248 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -1955,7 +1955,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Flarecheck FlowCheck Flowel & PWAM software + product: 3051 & 3051S Pressure transmitter families cves: cve-2021-4104: investigated: false @@ -1984,7 +1984,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: MPFM2600 & MPFM5726 + product: 3144P Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -2013,7 +2013,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: DHNC1 DHNC2 + product: 326P Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -2042,7 +2042,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: WCM SWGM + product: 326T Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -2071,7 +2071,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Fieldwatch and Service consoles + product: 327T Temperature Transmitter cves: cve-2021-4104: investigated: false 
@@ -2100,7 +2100,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 5726 Transmitter + product: 4088 Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -2129,7 +2129,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Plantweb Advisor for Metrology and Metering Suite SDK + product: 4088 Upgrade Utility cves: cve-2021-4104: investigated: false @@ -2158,7 +2158,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' + product: 4600 Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -2187,7 +2187,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' + product: 4732 Endeavor cves: cve-2021-4104: investigated: false @@ -2216,9 +2216,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless - Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle - Monitor' + product: 4732 Endeavor cves: cve-2021-4104: investigated: false @@ -2247,7 +2245,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: K-Series Coriolis Transmitters + product: 550 PT Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -2276,7 +2274,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Configuration Software + product: 5726 Transmitter cves: cve-2021-4104: investigated: false @@ -2305,7 +2303,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Mobile Application & ProcessViz Software + product: 5726 Transmitter cves: cve-2021-4104: investigated: false 
@@ -2334,7 +2332,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4732 Endeavor + product: 644 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -2363,7 +2361,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Vortex and Magmeter Transmitters + product: 648 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -2392,7 +2390,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: USM 3410 and 3810 Series Ultrasonic Transmitters + product: 848T Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -2421,7 +2419,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Mark III Gas and Liquid USM + product: 'Combustion: OCX OXT 6888 CX1100 6888Xi' cves: cve-2021-4104: investigated: false @@ -2450,7 +2448,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Flarecheck FlowCheck Flowel & PWAM software + product: CT2211 QCL Aerosol Microleak Detection System cves: cve-2021-4104: investigated: false @@ -2479,7 +2477,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: MPFM2600 & MPFM5726 + product: CT3000 QCL Automotive OEM Gas Analyzer cves: cve-2021-4104: investigated: false @@ -2508,7 +2506,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: DHNC1 DHNC2 + product: CT4000 QCL Marine OEM Gas Analyzer cves: cve-2021-4104: investigated: false @@ -2537,7 +2535,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: WCM SWGM + product: CT4215 QCL Packaging Leak Detection System cves: cve-2021-4104: investigated: false @@ -2566,7 +2564,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Fieldwatch and Service consoles + product: CT4400 QCL General Purpose Continuous Gas Analyzer cves: cve-2021-4104: investigated: false 
@@ -2595,7 +2593,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 5726 Transmitter + product: CT4404 QCL pMDI Leak Detection Analyzer cves: cve-2021-4104: investigated: false @@ -2624,7 +2622,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Plantweb Advisor for Metrology and Metering Suite SDK + product: CT5100 QCL Field Housing Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -2653,7 +2651,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' + product: CT5400 QCL General Purpose Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -2682,7 +2680,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' + product: CT5800 QCL Flameproof Housing Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -2711,9 +2709,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless - Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle - Monitor' + product: DHNC1 DHNC2 cves: cve-2021-4104: investigated: false @@ -2742,7 +2738,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Incus Ultrasonic gas leak detector + product: DHNC1 DHNC2 cves: cve-2021-4104: investigated: false @@ -2771,8 +2767,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Flame Detection: 975UF & 975UR Infrared Flame Detectors 975HR Infrared - Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector' + product: Emerson Aperio software cves: cve-2021-4104: investigated: false 
@@ -2801,7 +2796,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Liquid Transmitters: 5081 1066 1056 1057 56' + product: Engineering Assistant 5.x & 6.x cves: cve-2021-4104: investigated: false @@ -2830,7 +2825,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Combustion: OCX OXT 6888 CX1100 6888Xi' + product: Fieldwatch and Service consoles cves: cve-2021-4104: investigated: false @@ -2859,7 +2854,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Spectrex family Flame Detectors and Rosemount 975 flame detector + product: Fieldwatch and Service consoles cves: cve-2021-4104: investigated: false @@ -2888,7 +2883,8 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4400 QCL General Purpose Continuous Gas Analyzer + product: 'Flame Detection: 975UF & 975UR Infrared Flame Detectors 975HR Infrared + Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector' cves: cve-2021-4104: investigated: false @@ -2917,7 +2913,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT5400 QCL General Purpose Continuous Gas Analyzer + product: Flarecheck FlowCheck Flowel & PWAM software cves: cve-2021-4104: investigated: false @@ -2946,7 +2942,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT5100 QCL Field Housing Continuous Gas Analyzer + product: Flarecheck FlowCheck Flowel & PWAM software cves: cve-2021-4104: investigated: false @@ -2975,7 +2971,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT5800 QCL Flameproof Housing Continuous Gas Analyzer + product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' cves: cve-2021-4104: investigated: false 
@@ -3004,7 +3000,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4215 QCL Packaging Leak Detection System + product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' cves: cve-2021-4104: investigated: false @@ -3033,7 +3029,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT2211 QCL Aerosol Microleak Detection System + product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' cves: cve-2021-4104: investigated: false @@ -3062,7 +3058,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4404 QCL pMDI Leak Detection Analyzer + product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' cves: cve-2021-4104: investigated: false @@ -3091,7 +3087,9 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4000 QCL Marine OEM Gas Analyzer + product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless + Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle + Monitor' cves: cve-2021-4104: investigated: false @@ -3120,7 +3118,9 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT3000 QCL Automotive OEM Gas Analyzer + product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless + Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle + Monitor' cves: cve-2021-4104: investigated: false @@ -3149,7 +3149,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 3051 & 3051S Pressure transmitter families + product: Incus Ultrasonic gas leak detector cves: cve-2021-4104: investigated: false @@ -3178,7 +3178,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 2051 Pressure Transmitter Family + product: K-Series Coriolis Transmitters cves: cve-2021-4104: investigated: false 
@@ -3207,7 +3207,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4088 Pressure Transmitter + product: K-Series Coriolis Transmitters cves: cve-2021-4104: investigated: false @@ -3236,7 +3236,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 2088 Pressure Transmitter Family + product: 'Liquid Transmitters: 5081 1066 1056 1057 56' cves: cve-2021-4104: investigated: false @@ -3265,7 +3265,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 2090F/2090P Pressure Transmitters + product: Mark III Gas and Liquid USM cves: cve-2021-4104: investigated: false @@ -3294,7 +3294,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4600 Pressure Transmitter + product: Mark III Gas and Liquid USM cves: cve-2021-4104: investigated: false @@ -3323,7 +3323,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 215 Pressure Sensor Module + product: MPFM2600 & MPFM5726 cves: cve-2021-4104: investigated: false @@ -3352,7 +3352,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 550 PT Pressure Transmitter + product: MPFM2600 & MPFM5726 cves: cve-2021-4104: investigated: false @@ -3381,7 +3381,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 326P Pressure Transmitter + product: Plantweb Advisor for Metrology and Metering Suite SDK cves: cve-2021-4104: investigated: false @@ -3410,7 +3410,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 3144P Temperature Transmitter + product: Plantweb Advisor for Metrology and Metering Suite SDK cves: cve-2021-4104: investigated: false @@ -3439,7 +3439,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 644 Temperature Transmitter + product: Prolink Configuration Software cves: cve-2021-4104: investigated: false 
@@ -3468,7 +3468,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 848T Temperature Transmitter + product: Prolink Configuration Software cves: cve-2021-4104: investigated: false @@ -3497,7 +3497,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 148 Temperature Transmitter + product: Prolink Mobile Application & ProcessViz Software cves: cve-2021-4104: investigated: false @@ -3526,7 +3526,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 248 Temperature Transmitter + product: Prolink Mobile Application & ProcessViz Software cves: cve-2021-4104: investigated: false @@ -3555,7 +3555,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 326T Temperature Transmitter + product: Rosemount 2230 Graphical Field Display cves: cve-2021-4104: investigated: false @@ -3584,7 +3584,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 327T Temperature Transmitter + product: Rosemount 2240S Multi-input Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -3613,7 +3613,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 648 Temperature Transmitter + product: Rosemount 2410 Tank Hub cves: cve-2021-4104: investigated: false @@ -3642,7 +3642,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4088 Upgrade Utility + product: Rosemount 2460 System Hub cves: cve-2021-4104: investigated: false @@ -3671,7 +3671,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Engineering Assistant 5.x & 6.x + product: Rosemount 3490 Controller cves: cve-2021-4104: investigated: false @@ -3700,7 +3700,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 248 Configuration Application + product: Rosemount CMS/IOU 61 cves: cve-2021-4104: investigated: false 
@@ -3729,7 +3729,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount IO-Link Assistant + product: Rosemount CMS/SCU 51/SCC cves: cve-2021-4104: investigated: false @@ -3758,7 +3758,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount TankMaster and TankMaster Mobile + product: Rosemount CMS/WSU 51/SWF 51 cves: cve-2021-4104: investigated: false @@ -3787,7 +3787,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount RadarMaster and RadarMaster Plus + product: Rosemount IO-Link Assistant cves: cve-2021-4104: investigated: false @@ -3816,7 +3816,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Radar Configuration Tool + product: Rosemount Level Detectors (21xx) cves: cve-2021-4104: investigated: false @@ -3845,7 +3845,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2460 System Hub + product: Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) cves: cve-2021-4104: investigated: false @@ -3874,7 +3874,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2410 Tank Hub + product: Rosemount Radar Configuration Tool cves: cve-2021-4104: investigated: false @@ -3903,7 +3903,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 3490 Controller + product: Rosemount Radar Level Gauges (Pro 39xx 59xx) cves: cve-2021-4104: investigated: false @@ -3932,7 +3932,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2230 Graphical Field Display + product: Rosemount RadarMaster and RadarMaster Plus cves: cve-2021-4104: investigated: false 
@@ -3961,7 +3961,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2240S Multi-input Temperature Transmitter + product: Rosemount Tank Radar Gauges (TGUxx) cves: cve-2021-4104: investigated: false @@ -3990,7 +3990,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount CMS/SCU 51/SCC + product: Rosemount TankMaster and TankMaster Mobile cves: cve-2021-4104: investigated: false @@ -4019,7 +4019,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount CMS/WSU 51/SWF 51 + product: Spectrex family Flame Detectors and Rosemount 975 flame detector cves: cve-2021-4104: investigated: false @@ -4048,7 +4048,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount CMS/IOU 61 + product: USM 3410 and 3810 Series Ultrasonic Transmitters cves: cve-2021-4104: investigated: false @@ -4077,7 +4077,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) + product: USM 3410 and 3810 Series Ultrasonic Transmitters cves: cve-2021-4104: investigated: false @@ -4106,7 +4106,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Radar Level Gauges (Pro 39xx 59xx) + product: Vortex and Magmeter Transmitters cves: cve-2021-4104: investigated: false @@ -4135,7 +4135,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Tank Radar Gauges (TGUxx) + product: Vortex and Magmeter Transmitters cves: cve-2021-4104: investigated: false @@ -4164,7 +4164,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Level Detectors (21xx) + product: WCM SWGM cves: cve-2021-4104: investigated: false 
@@ -4193,7 +4193,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Emerson Aperio software + product: WCM SWGM cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_F.yml b/data/cisagov_F.yml index 5abf36e..054ebe8 100644 --- a/data/cisagov_F.yml +++ b/data/cisagov_F.yml @@ -243,7 +243,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: F5 - product: Traffix SDC + product: NGINX App Protect cves: cve-2021-4104: investigated: false @@ -252,11 +252,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 5.x (5.2.0 CF1 - - 5.1.0 CF-30 - 5.1.0 CF-33) + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.x cve-2021-45046: investigated: false affected_versions: [] @@ -269,13 +268,12 @@ software: unaffected_versions: [] vendor_links: - https://support.f5.com/csp/article/K19026212 - notes: 'Vulnerable components: EMS-ELK components (Fluentd + Elastic Search + - Kibana), Element Management System' + notes: '' references: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: F5 - product: NGINX Plus + product: NGINX Controller cves: cve-2021-4104: investigated: false @@ -287,7 +285,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - R19 - R25 + - 3.x cve-2021-45046: investigated: false affected_versions: [] @@ -305,7 +303,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: F5 - product: NGINX Open Source + product: NGINX Ingress Controller cves: cve-2021-4104: investigated: false @@ -317,7 +315,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.x + - 1.x - 2.x cve-2021-45046: investigated: false affected_versions: [] @@ -335,7 +333,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: F5 - product: NGINX Unit + product: NGINX Instance Manager cves: cve-2021-4104: investigated: false 
@@ -365,7 +363,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: F5 - product: NGINX App Protect + product: NGINX Open Source cves: cve-2021-4104: investigated: false @@ -377,7 +375,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.x + - 1.x cve-2021-45046: investigated: false affected_versions: [] @@ -395,7 +393,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: F5 - product: NGINX Controller + product: NGINX Plus cves: cve-2021-4104: investigated: false @@ -407,7 +405,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.x + - R19 - R25 cve-2021-45046: investigated: false affected_versions: [] @@ -425,7 +423,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: F5 - product: NGINX Ingress Controller + product: NGINX Service Mesh cves: cve-2021-4104: investigated: false @@ -437,7 +435,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.x - 2.x + - 1.x cve-2021-45046: investigated: false affected_versions: [] @@ -455,7 +453,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: F5 - product: NGINX Instance Manager + product: NGINX Unit cves: cve-2021-4104: investigated: false @@ -485,7 +483,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: F5 - product: NGINX Service Mesh + product: Traffix SDC cves: cve-2021-4104: investigated: false @@ -494,10 +492,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 5.x (5.2.0 CF1 + - 5.1.0 CF-30 - 5.1.0 CF-33) fixed_versions: [] - unaffected_versions: - - 1.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -510,7 +509,8 @@ software: unaffected_versions: [] vendor_links: - https://support.f5.com/csp/article/K19026212 - notes: '' + notes: 'Vulnerable components: EMS-ELK components (Fluentd + Elastic Search + + Kibana), Element Management System' references: - '' last_updated: '2022-01-12T07:18:52+00:00' diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index a4fcb96..dce5a0e 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -65,7 +65,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power - product: Baseline Security Center (BSC) + product: Asset Performance Management (APM) cves: cve-2021-4104: investigated: false @@ -89,13 +89,12 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details. + notes: GE verifying workaround. references: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power - product: Baseline Security Center (BSC) 2.0 + product: Baseline Security Center (BSC) cves: cve-2021-4104: investigated: false @@ -120,12 +119,12 @@ software: vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details + necessary. Contact GE for details. references: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power - product: Asset Performance Management (APM) + product: Baseline Security Center (BSC) 2.0 cves: cve-2021-4104: investigated: false 
@@ -149,7 +148,8 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: GE verifying workaround. + notes: Vulnerability to be fixed by vendor provided workaround. No user actions + necessary. Contact GE for details references: - '' last_updated: '2021-12-22T00:00:00' @@ -536,7 +536,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: GoAnywhere - product: MFT + product: Gateway cves: cve-2021-4104: investigated: false @@ -546,7 +546,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 6.8.6 + - < 2.8.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -566,7 +566,7 @@ software: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoAnywhere - product: Gateway + product: MFT cves: cve-2021-4104: investigated: false @@ -576,7 +576,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 2.8.4 + - < 6.8.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -679,12 +679,13 @@ software: unaffected_versions: [] vendor_links: - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html - notes: Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. + notes: Chrome Browser releases, infrastructure and admin console are not using + versions of Log4j affected by the vulnerability. references: - '' last_updated: '2022-01-14' - vendor: Google Cloud - product: AI Platform Data Labeling + product: Access Transparency cves: cve-2021-4104: investigated: false @@ -714,7 +715,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: AI Platform Neural Architecture Search (NAS) + product: Actifio cves: cve-2021-4104: investigated: false 
@@ -738,13 +739,15 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + notes: Actifio has identified limited exposure to the Log4j 2 vulnerability and + has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) + for the full statement and to obtain the hotfix (available to Actifio customers + only). references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: AI Platform Training and Prediction + product: AI Platform Data Labeling cves: cve-2021-4104: investigated: false @@ -774,7 +777,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Access Transparency + product: AI Platform Neural Architecture Search (NAS) cves: cve-2021-4104: investigated: false @@ -804,7 +807,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Actifio + product: AI Platform Training and Prediction cves: cve-2021-4104: investigated: false @@ -828,10 +831,8 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: Actifio has identified limited exposure to the Log4j 2 vulnerability and - has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) - for the full statement and to obtain the hotfix (available to Actifio customers - only). + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-21T00:00:00' @@ -989,7 +990,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Anthos Premium Software + product: Anthos on VMWare cves: cve-2021-4104: investigated: false 
@@ -1014,12 +1015,16 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check + VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds + to their VMware products as they become available. We also recommend customers + review their respective applications and workloads affected by the same vulnerabilities + and apply appropriate patches. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Anthos Service Mesh + product: Anthos Premium Software cves: cve-2021-4104: investigated: false @@ -1049,7 +1054,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Anthos on VMWare + product: Anthos Service Mesh cves: cve-2021-4104: investigated: false @@ -1074,11 +1079,7 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check - VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds - to their VMware products as they become available. We also recommend customers - review their respective applications and workloads affected by the same vulnerabilities - and apply appropriate patches. + in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-21T00:00:00' @@ -1793,7 +1794,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud DNS + product: Cloud Data Loss Prevention cves: cve-2021-4104: investigated: false 
@@ -1821,9 +1822,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Data Loss Prevention + product: Cloud Debugger cves: cve-2021-4104: investigated: false @@ -1853,7 +1854,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Debugger + product: Cloud Deployment Manager cves: cve-2021-4104: investigated: false @@ -1883,7 +1884,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Deployment Manager + product: Cloud DNS cves: cve-2021-4104: investigated: false @@ -1911,7 +1912,7 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-20T00:00:00' - vendor: Google Cloud product: Cloud Endpoints cves: @@ -2036,7 +2037,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Intrusion Detection System (IDS) + product: Cloud Interconnect cves: cve-2021-4104: investigated: false @@ -2066,7 +2067,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Interconnect + product: Cloud Intrusion Detection System (IDS) cves: cve-2021-4104: investigated: false @@ -2186,7 +2187,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Network Address Translation (NAT) + product: Cloud Natural Language API cves: cve-2021-4104: investigated: false @@ -2214,9 +2215,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Natural Language API + product: Cloud Network Address Translation (NAT) cves: cve-2021-4104: investigated: false 
@@ -2244,7 +2245,7 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-20T00:00:00' - vendor: Google Cloud product: Cloud Profiler cves: @@ -2372,7 +2373,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud SDK + product: Cloud Scheduler cves: cve-2021-4104: investigated: false @@ -2402,7 +2403,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud SQL + product: Cloud SDK cves: cve-2021-4104: investigated: false @@ -2430,9 +2431,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-19T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Scheduler + product: Cloud Shell cves: cve-2021-4104: investigated: false @@ -2457,12 +2458,15 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Shell environments to identify components dependent on Log4j 2 and update + them to the latest version. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Shell + product: Cloud Source Repositories cves: cve-2021-4104: investigated: false 
@@ -2487,15 +2491,12 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Shell environments to identify components dependent on Log4j 2 and update - them to the latest version. + in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Source Repositories + product: Cloud Spanner cves: cve-2021-4104: investigated: false @@ -2523,9 +2524,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-19T00:00:00' - vendor: Google Cloud - product: Cloud Spanner + product: Cloud SQL cves: cve-2021-4104: investigated: false @@ -2705,7 +2706,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud VPN + product: Cloud Vision cves: cve-2021-4104: investigated: false @@ -2733,9 +2734,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Vision + product: Cloud Vision OCR On-Prem cves: cve-2021-4104: investigated: false @@ -2765,7 +2766,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Vision OCR On-Prem + product: Cloud VPN cves: cve-2021-4104: investigated: false @@ -2793,7 +2794,7 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-20T00:00:00' - vendor: Google Cloud product: CompilerWorks cves: 
@@ -4866,7 +4867,7 @@ software: - '' last_updated: '2022-01-12T07:18:53+00:00' - vendor: Gravitee - product: API Management + product: Alert Engine cves: cve-2021-4104: investigated: false @@ -4878,7 +4879,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - 1.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -4896,7 +4897,7 @@ software: - '' last_updated: '2022-01-12T07:18:53+00:00' - vendor: Gravitee - product: API Management + product: Alert Engine cves: cve-2021-4104: investigated: false @@ -4908,7 +4909,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -4926,7 +4927,7 @@ software: - '' last_updated: '2022-01-12T07:18:53+00:00' - vendor: Gravitee - product: Alert Engine + product: API Management cves: cve-2021-4104: investigated: false @@ -4938,7 +4939,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.5.x + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -4956,7 +4957,7 @@ software: - '' last_updated: '2022-01-12T07:18:53+00:00' - vendor: Gravitee - product: Alert Engine + product: API Management cves: cve-2021-4104: investigated: false @@ -4968,7 +4969,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.4.x + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] diff --git a/data/cisagov_H.yml b/data/cisagov_H.yml index 6456aa3..31674d6 100644 --- a/data/cisagov_H.yml +++ b/data/cisagov_H.yml @@ -423,7 +423,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -453,7 +453,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] 
@@ -483,7 +483,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -512,7 +512,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 10.0.7' + - < 10.0.7 unaffected_versions: [] cve-2021-45046: investigated: false @@ -543,7 +543,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -573,7 +573,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -603,7 +603,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -661,9 +661,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.21.7-1.22.9' - - '2.0.3-2.1.5' - - '2.2.0-3.0.2' + - 1.21.7-1.22.9 + - 2.0.3-2.1.5 + - 2.2.0-3.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -751,7 +751,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'Elasticsearch 5.0.0+' + - Elasticsearch 5.0.0+ unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -770,6 +770,40 @@ software: references: - '' last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: 3rd party - Oracle Database Components + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '12.1' + - '12.2' + - 19c + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: As this is a third-party component, a separate patch management report + will be provided to customers with the steps to apply the Oracle provided patches + for these components. + references: + - '' + last_updated: '2022-01-05T00:00:00' - vendor: Hitachi Energy product: Axis cves: @@ -813,7 +847,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'v6' + - v6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -904,10 +938,10 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'R15A' - - 'R14B' - - 'R14A' - - 'R11B SP1' + - R15A + - R14B + - R14A + - R11B SP1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -940,7 +974,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'R11A and R10 series' + - R11A and R10 series unaffected_versions: [] cve-2021-45046: investigated: false @@ -960,7 +994,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Hitachi Energy - product: Lumada APM SaaS offering + product: Lumada APM On-premises cves: cve-2021-4104: investigated: false 
@@ -984,13 +1018,12 @@ software: unaffected_versions: [] vendor_links: - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: No action is required by customers. The SaaS offering has been patched - per the recommendations. + notes: See vendor advisory for instructions for various versions. references: - '' last_updated: '2022-01-05T00:00:00' - vendor: Hitachi Energy - product: Lumada APM On-premises + product: Lumada APM SaaS offering cves: cve-2021-4104: investigated: false @@ -1014,7 +1047,8 @@ software: unaffected_versions: [] vendor_links: - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See vendor advisory for instructions for various versions. + notes: No action is required by customers. The SaaS offering has been patched + per the recommendations. references: - '' last_updated: '2022-01-05T00:00:00' @@ -1030,9 +1064,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'v1.7.x' - - 'v1.8.x' - - 'v1.9.x' + - v1.7.x + - v1.8.x + - v1.9.x unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -1079,38 +1113,6 @@ software: references: - '' last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Network Manager Outage Management Interface (CMI) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '9.0-9.10.44' - - '9.1.1' - - '10.3.4' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See vendor advisory for instructions on mitigation steps. - references: - - '' - last_updated: '2022-01-05T00:00:00' - vendor: Hitachi Energy product: Network Manager ADMS Network Model Server cves: @@ -1123,7 +1125,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '9.1.0.32-9.1.0.44' + - 9.1.0.32-9.1.0.44 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1142,7 +1144,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Hitachi Energy - product: 3rd party - Oracle Database Components + product: Network Manager Outage Management Interface (CMI) cves: cve-2021-4104: investigated: false @@ -1153,9 +1155,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - '12.1' - - '12.2' - - '19c' + - 9.0-9.10.44 + - 9.1.1 + - 10.3.4 unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -1169,9 +1171,7 @@ software: unaffected_versions: [] vendor_links: - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: As this is a third-party component, a separate patch management report - will be provided to customers with the steps to apply the Oracle provided patches - for these components. + notes: See vendor advisory for instructions on mitigation steps. references: - '' last_updated: '2022-01-05T00:00:00' @@ -1187,8 +1187,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '3.7.15' - - '3.7.16' + - 3.7.15 + - 3.7.16 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1218,7 +1218,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2.0.0' + - 2.0.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1249,10 +1249,10 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'R15A' - - 'R14B' - - 'R14A' - - 'R11B SP1' + - R15A + - R14B + - R14A + - R11B SP1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1285,7 +1285,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'R11A and R10 series' + - R11A and R10 series unaffected_versions: [] cve-2021-45046: investigated: false @@ -1334,7 +1334,7 @@ software: - '' last_updated: '2022-01-12T07:18:53+00:00' - vendor: HMS Industrial Networks AB - product: Talk2M including M2Web + product: Cosy, Flexy and Ewon CD cves: cve-2021-4104: investigated: false @@ -1363,7 +1363,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: HMS Industrial Networks AB - product: Cosy, Flexy and Ewon CD + product: eCatcher Mobile applications cves: cve-2021-4104: investigated: false @@ -1421,7 +1421,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: HMS Industrial Networks AB - product: eCatcher Mobile applications + product: Netbiter Hardware including EC, WS, and LC cves: cve-2021-4104: investigated: false 
@@ -1450,7 +1450,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: HMS Industrial Networks AB - product: Netbiter Hardware including EC, WS, and LC + product: Talk2M including M2Web cves: cve-2021-4104: investigated: false @@ -1478,8 +1478,8 @@ software: references: - '' last_updated: '2022-01-05T00:00:00' - - vendor: Honeywell - product: '' + - vendor: HOLOGIC + product: Advanced Workflow Manager (AWM) cves: cve-2021-4104: investigated: false @@ -1502,13 +1502,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability - notes: '' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, the installed + APC PowerChute UPS with Business Edition v9.5 software installed may. APC is + still assessing its PowerChute software to determine if it is vulnerable. references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HP - product: Teradici Cloud Access Controller + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Affirm Prone Biopsy System cves: cve-2021-4104: investigated: false @@ -1516,10 +1518,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '< v113' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -1532,13 +1533,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici EMSDK + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Brevera Breast Biopsy System cves: cve-2021-4104: investigated: false @@ -1546,10 +1547,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '< 1.0.6' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1562,13 +1562,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici Management Console + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Cenova Image Analytics Server cves: cve-2021-4104: investigated: false @@ -1576,10 +1576,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '< 21.10.3' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -1592,13 +1591,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici PCoIP Connection Manager + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Dimensions / 3Dimensions Mammography System cves: cve-2021-4104: investigated: false @@ -1606,11 +1605,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '< 21.03.6' - - '< 20.07.4' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1623,13 +1620,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici PCoIP License Server + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Discovery Bone Densitometer cves: cve-2021-4104: investigated: false @@ -1652,13 +1649,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HPE - product: 3PAR StoreServ Arrays + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Faxitron CT Specimen Radiography System cves: cve-2021-4104: investigated: false 
@@ -1681,13 +1678,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, there is + a utility program installed that may utilize Java and Log4J. This utility program + does not run on startup and is not required for system operation. Please contact + Hologic Service for assistance in removing this program. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: AirWave Management Platform + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Faxitron Specimen Radiography Systems cves: cve-2021-4104: investigated: false @@ -1710,13 +1710,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Alletra 6000 + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Fluoroscan Insight Mini C-Arm cves: cve-2021-4104: investigated: false 
@@ -1739,13 +1739,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Alletra 9k + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Horizon DXA Bone Densitometer cves: cve-2021-4104: investigated: false @@ -1768,13 +1768,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Central + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Rosetta DC Tomosynthesis Data Converter cves: cve-2021-4104: investigated: false @@ -1797,13 +1797,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba ClearPass Policy Manager + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SecurView DX Workstation cves: cve-2021-4104: investigated: false 
@@ -1826,13 +1826,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba ClearPass Policy Manager + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SecurXChange Router cves: cve-2021-4104: investigated: false @@ -1855,13 +1855,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Instant (IAP) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SuperSonic Imagine Ultrasound Products (Aixplorer & Aixplorer Mach) cves: cve-2021-4104: investigated: false @@ -1884,13 +1884,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Location Services + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Trident HD Specimen Radiography System cves: cve-2021-4104: investigated: false 
@@ -1913,13 +1913,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba NetEdit + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Unifi Workspace cves: cve-2021-4104: investigated: false @@ -1942,13 +1942,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, the installed + APC PowerChute UPS with Business Edition v9.5 software installed may. APC is + still assessing its PowerChute software to determine if it is vulnerable. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba PVOS Switches + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Windows Selenia Mammography System cves: cve-2021-4104: investigated: false @@ -1971,13 +1973,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba SDN VAN Controller + last_updated: '2021-12-20T00:00:00' + - vendor: Honeywell + product: '' cves: cve-2021-4104: investigated: false 
@@ -2000,13 +2002,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba User Experience Insight (UXI) + last_updated: '2022-01-12T07:18:53+00:00' + - vendor: HP + product: Teradici Cloud Access Controller cves: cve-2021-4104: investigated: false @@ -2014,9 +2016,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < v113 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2029,13 +2032,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba VIA Client + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici EMSDK cves: cve-2021-4104: investigated: false @@ -2043,9 +2046,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 1.0.6 unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -2058,13 +2062,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS-CX switches + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici Management Console cves: cve-2021-4104: investigated: false @@ -2072,9 +2076,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 21.10.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2087,13 +2092,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS-S switches + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici PCoIP Connection Manager cves: cve-2021-4104: investigated: false @@ -2101,9 +2106,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 21.03.6 + - < 20.07.4 unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -2116,13 +2123,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS SD-WAN Controllers and Gateways + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici PCoIP License Server cves: cve-2021-4104: investigated: false @@ -2145,13 +2152,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-17T00:00:00' - vendor: HPE - product: ArubaOS Wi-Fi Controllers and Gateways + product: 3PAR StoreServ Arrays cves: cve-2021-4104: investigated: false @@ -2180,7 +2187,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: BladeSystem Onboard Administrator + product: AirWave Management Platform cves: cve-2021-4104: investigated: false @@ -2209,7 +2216,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy + product: Alletra 6000 cves: cve-2021-4104: investigated: false @@ -2238,7 +2245,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Brocade 16Gb SAN Switch for HPE BladeSystem c-Class + product: Alletra 9k cves: cve-2021-4104: investigated: false @@ -2267,7 +2274,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy + product: Aruba Central cves: cve-2021-4104: investigated: false 
@@ -2296,7 +2303,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Brocade Network Advisor + product: Aruba ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -2325,7 +2332,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: CloudAuth + product: Aruba ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -2354,7 +2361,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: CloudPhysics + product: Aruba Instant (IAP) cves: cve-2021-4104: investigated: false @@ -2383,7 +2390,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Compute Cloud Console + product: Aruba Location Services cves: cve-2021-4104: investigated: false @@ -2412,7 +2419,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Compute operations manager- FW UPDATE SERVICE + product: Aruba NetEdit cves: cve-2021-4104: investigated: false @@ -2441,7 +2448,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: COS (Cray Operating System) + product: Aruba PVOS Switches cves: cve-2021-4104: investigated: false @@ -2470,7 +2477,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Cray Systems Management (CSM) + product: Aruba SDN VAN Controller cves: cve-2021-4104: investigated: false @@ -2499,7 +2506,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Custom SPP Portal [Link](https://spp.hpe.com/custom) + product: Aruba User Experience Insight (UXI) cves: cve-2021-4104: investigated: false @@ -2528,7 +2535,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Data Services Cloud Console + product: Aruba VIA Client cves: cve-2021-4104: investigated: false 
@@ -2557,7 +2564,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Harmony Data Platform + product: ArubaOS SD-WAN Controllers and Gateways cves: cve-2021-4104: investigated: false @@ -2586,7 +2593,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HOP public services (grafana, vault, rancher, Jenkins) + product: ArubaOS Wi-Fi Controllers and Gateways cves: cve-2021-4104: investigated: false @@ -2615,7 +2622,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN2600B SAN Extension Switch + product: ArubaOS-CX switches cves: cve-2021-4104: investigated: false @@ -2644,7 +2651,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN4000B SAN Extension Switch + product: ArubaOS-S switches cves: cve-2021-4104: investigated: false @@ -2673,7 +2680,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6000B Fibre Channel Switch + product: BladeSystem Onboard Administrator cves: cve-2021-4104: investigated: false @@ -2702,7 +2709,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6500B Fibre Channel Switch + product: Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy cves: cve-2021-4104: investigated: false @@ -2731,7 +2738,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6600B Fibre Channel Switch + product: Brocade 16Gb SAN Switch for HPE BladeSystem c-Class cves: cve-2021-4104: investigated: false @@ -2760,7 +2767,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6650B Fibre Channel Switch + product: Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy cves: cve-2021-4104: investigated: false 
@@ -2789,7 +2796,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6700B Fibre Channel Switch + product: Brocade Network Advisor cves: cve-2021-4104: investigated: false @@ -2818,7 +2825,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Customer Experience Assurance (CEA) + product: CloudAuth cves: cve-2021-4104: investigated: false @@ -2845,9 +2852,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Hardware Support Manager plug-in for VMware vSphere Lifecycle Manager + product: CloudPhysics cves: cve-2021-4104: investigated: false @@ -2876,7 +2883,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Home Location Register (HLR/I-HLR) + product: Compute Cloud Console cves: cve-2021-4104: investigated: false @@ -2903,9 +2910,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Infosight for Servers + product: Compute operations manager- FW UPDATE SERVICE cves: cve-2021-4104: investigated: false @@ -2934,7 +2941,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Integrated Home Subscriber Server (I-HSS) + product: COS (Cray Operating System) cves: cve-2021-4104: investigated: false @@ -2961,9 +2968,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Intelligent Messaging (IM) + product: Cray Systems Management (CSM) cves: cve-2021-4104: investigated: false 
@@ -2990,9 +2997,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Intelligent Network Server (INS) + product: Custom SPP Portal [Link](https://spp.hpe.com/custom) cves: cve-2021-4104: investigated: false @@ -3019,9 +3026,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Multimedia Services Environment (MSE) + product: Data Services Cloud Console cves: cve-2021-4104: investigated: false @@ -3048,9 +3055,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OC Convergent Communications Platform (OCCP) + product: Harmony Data Platform cves: cve-2021-4104: investigated: false @@ -3077,9 +3084,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OC Media Platform Media Resource Function (OCMP-MRF) + product: HOP public services (grafana, vault, rancher, Jenkins) cves: cve-2021-4104: investigated: false @@ -3106,9 +3113,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OC Service Access Controller (OC SAC) + product: HPE B-series SN2600B SAN Extension Switch cves: cve-2021-4104: investigated: false 
@@ -3135,9 +3142,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OC Service Controller (OCSC) + product: HPE B-series SN4000B SAN Extension Switch cves: cve-2021-4104: investigated: false @@ -3164,9 +3171,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OC Universal Signaling Platform (OC-USP-M) + product: HPE B-series SN6000B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -3193,9 +3200,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OneView + product: HPE B-series SN6500B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -3224,7 +3231,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OneView for VMware vRealize Operations (vROps) + product: HPE B-series SN6600B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -3253,7 +3260,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OneView Global Dashboard + product: HPE B-series SN6650B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -3282,7 +3289,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Performance Cluster Manager (HPCM) + product: HPE B-series SN6700B Fibre Channel Switch cves: cve-2021-4104: investigated: false 
@@ -3309,9 +3316,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Performance Manager (PM) + product: HPE Customer Experience Assurance (CEA) cves: cve-2021-4104: investigated: false @@ -3340,7 +3347,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Position Determination Entity (PDE) + product: HPE Hardware Support Manager plug-in for VMware vSphere Lifecycle Manager cves: cve-2021-4104: investigated: false @@ -3367,9 +3374,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Secure Identity Broker (SIB) + product: HPE Home Location Register (HLR/I-HLR) cves: cve-2021-4104: investigated: false @@ -3398,7 +3405,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Service Activator (SA) + product: HPE Infosight for Servers cves: cve-2021-4104: investigated: false @@ -3425,9 +3432,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Service Governance Framework (SGF) + product: HPE Integrated Home Subscriber Server (I-HSS) cves: cve-2021-4104: investigated: false @@ -3456,7 +3463,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Service Orchestration Manager (SOM) + product: HPE Intelligent Messaging (IM) cves: cve-2021-4104: investigated: false @@ -3485,7 +3492,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Service Provisioner (SP) + product: HPE Intelligent Network Server (INS) cves: cve-2021-4104: investigated: false 
@@ -3514,7 +3521,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Short Message Point-to-Point Gateway (SMPP) + product: HPE Multimedia Services Environment (MSE) cves: cve-2021-4104: investigated: false @@ -3543,7 +3550,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Slingshot + product: HPE OC Convergent Communications Platform (OCCP) cves: cve-2021-4104: investigated: false @@ -3570,9 +3577,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Smart Interaction Server (SIS) + product: HPE OC Media Platform Media Resource Function (OCMP-MRF) cves: cve-2021-4104: investigated: false @@ -3601,7 +3608,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE SN3000B Fibre Channel Switch + product: HPE OC Service Access Controller (OC SAC) cves: cve-2021-4104: investigated: false @@ -3628,9 +3635,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE SN8000B 4-Slot SAN Director Switch + product: HPE OC Service Controller (OCSC) cves: cve-2021-4104: investigated: false @@ -3657,9 +3664,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE SN8000B 8-Slot SAN Backbone Director Switch + product: HPE OC Universal Signaling Platform (OC-USP-M) cves: cve-2021-4104: investigated: false 
@@ -3686,9 +3693,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE SN8600B 4-Slot SAN Director Switch + product: HPE OneView cves: cve-2021-4104: investigated: false @@ -3717,7 +3724,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE SN8600B 8-Slot SAN Director Switch + product: HPE OneView for VMware vRealize Operations (vROps) cves: cve-2021-4104: investigated: false @@ -3746,7 +3753,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE SN8700B 4-Slot Director Switch + product: HPE OneView Global Dashboard cves: cve-2021-4104: investigated: false @@ -3775,7 +3782,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE SN8700B 8-Slot Director Switch + product: HPE Performance Cluster Manager (HPCM) cves: cve-2021-4104: investigated: false @@ -3802,9 +3809,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Subscriber, Network, and Application Policy (SNAP) + product: HPE Performance Manager (PM) cves: cve-2021-4104: investigated: false @@ -3833,7 +3840,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Subscription Manager (SM) + product: HPE Position Determination Entity (PDE) cves: cve-2021-4104: investigated: false @@ -3862,7 +3869,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Synergy Image Streamer + product: HPE Secure Identity Broker (SIB) cves: cve-2021-4104: investigated: false 
@@ -3889,9 +3896,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Systems Insight Manager (SIM) + product: HPE Service Activator (SA) cves: cve-2021-4104: investigated: false @@ -3918,9 +3925,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Telecom Application Server (TAS) + product: HPE Service Governance Framework (SGF) cves: cve-2021-4104: investigated: false @@ -3949,7 +3956,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Unified Correlation and Automation (UCA) + product: HPE Service Orchestration Manager (SOM) cves: cve-2021-4104: investigated: false @@ -3978,7 +3985,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Unified Mediation Bus (UMB) + product: HPE Service Provisioner (SP) cves: cve-2021-4104: investigated: false @@ -4007,7 +4014,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Unified OSS Console (UOC) + product: HPE Short Message Point-to-Point Gateway (SMPP) cves: cve-2021-4104: investigated: false @@ -4036,7 +4043,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Unified Topology Manager (UTM) + product: HPE Slingshot cves: cve-2021-4104: investigated: false @@ -4063,9 +4070,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Universal Identity Repository (VIR) + product: HPE Smart Interaction Server (SIS) cves: cve-2021-4104: investigated: false 
@@ -4094,7 +4101,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Universal SLA Manager (uSLAM) + product: HPE SN3000B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -4121,9 +4128,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Connect + product: HPE SN8000B 4-Slot SAN Director Switch cves: cve-2021-4104: investigated: false @@ -4152,7 +4159,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Connect Enterprise Manager (VCEM) + product: HPE SN8000B 8-Slot SAN Backbone Director Switch cves: cve-2021-4104: investigated: false @@ -4181,7 +4188,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Provisioning Gateway (vPGW) + product: HPE SN8600B 4-Slot SAN Director Switch cves: cve-2021-4104: investigated: false @@ -4208,9 +4215,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Server Environment (VSE) + product: HPE SN8600B 8-Slot SAN Director Switch cves: cve-2021-4104: investigated: false @@ -4239,7 +4246,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Subscriber Data Management (vSDM) + product: HPE SN8700B 4-Slot Director Switch cves: cve-2021-4104: investigated: false @@ -4266,9 +4273,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE WebRTC Gateway Controller (WGW) + product: HPE SN8700B 8-Slot Director Switch cves: cve-2021-4104: investigated: false 
@@ -4295,9 +4302,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Wi-Fi Authentication Gateway (WauG) + product: HPE Subscriber, Network, and Application Policy (SNAP) cves: cve-2021-4104: investigated: false @@ -4324,9 +4331,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Insight Cluster Management Utility (CMU) + product: HPE Subscription Manager (SM) cves: cve-2021-4104: investigated: false @@ -4353,9 +4360,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Integrated Lights-Out (iLO) Amplifier Pack + product: HPE Synergy Image Streamer cves: cve-2021-4104: investigated: false @@ -4384,7 +4391,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Integrated Lights-Out 4 (iLO 4) + product: HPE Systems Insight Manager (SIM) cves: cve-2021-4104: investigated: false @@ -4392,11 +4399,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '4' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4414,7 +4420,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Integrated Lights-Out 5 (iLO 5) + product: HPE Telecom Application Server (TAS) cves: cve-2021-4104: investigated: false 
@@ -4422,11 +4428,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '5' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4442,9 +4447,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Integrity BL860c, BL870c, BL890c + product: HPE Unified Correlation and Automation (UCA) cves: cve-2021-4104: investigated: false @@ -4471,9 +4476,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Integrity Rx2800/Rx2900 + product: HPE Unified Mediation Bus (UMB) cves: cve-2021-4104: investigated: false @@ -4500,9 +4505,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Integrity Superdome 2 + product: HPE Unified OSS Console (UOC) cves: cve-2021-4104: investigated: false @@ -4529,9 +4534,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Integrity Superdome X + product: HPE Unified Topology Manager (UTM) cves: cve-2021-4104: investigated: false @@ -4558,9 +4563,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Intelligent Provisioning + product: HPE Universal Identity Repository (VIR) cves: cve-2021-4104: investigated: false 
@@ -4587,9 +4592,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: iSUT integrated smart update tool + product: HPE Universal SLA Manager (uSLAM) cves: cve-2021-4104: investigated: false @@ -4616,9 +4621,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Maven Artifacts (Atlas) + product: HPE Virtual Connect cves: cve-2021-4104: investigated: false @@ -4647,7 +4652,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: MSA + product: HPE Virtual Connect Enterprise Manager (VCEM) cves: cve-2021-4104: investigated: false @@ -4676,7 +4681,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: NetEdit + product: HPE Virtual Provisioning Gateway (vPGW) cves: cve-2021-4104: investigated: false @@ -4703,9 +4708,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Nimble Storage + product: HPE Virtual Server Environment (VSE) cves: cve-2021-4104: investigated: false @@ -4734,7 +4739,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: NS-T0634-OSM CONSOLE TOOLS + product: HPE Virtual Subscriber Data Management (vSDM) cves: cve-2021-4104: investigated: false @@ -4761,9 +4766,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: NS-T0977-SCHEMA VALIDATOR + product: HPE WebRTC Gateway Controller (WGW) cves: cve-2021-4104: investigated: false 
@@ -4790,9 +4795,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: OfficeConnect + product: HPE Wi-Fi Authentication Gateway (WauG) cves: cve-2021-4104: investigated: false @@ -4821,7 +4826,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Primera Storage + product: Insight Cluster Management Utility (CMU) cves: cve-2021-4104: investigated: false @@ -4850,7 +4855,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: RepoServer part of OPA (on Premises aggregator) + product: Integrated Lights-Out (iLO) Amplifier Pack cves: cve-2021-4104: investigated: false @@ -4879,7 +4884,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Resource Aggregator for Open Distributed Infrastructure Management + product: Integrated Lights-Out 4 (iLO 4) cves: cve-2021-4104: investigated: false @@ -4887,10 +4892,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '4' cve-2021-45046: investigated: false affected_versions: [] @@ -4908,7 +4914,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: RESTful Interface Tool (iLOREST) + product: Integrated Lights-Out 5 (iLO 5) cves: cve-2021-4104: investigated: false @@ -4916,10 +4922,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '5' cve-2021-45046: investigated: false affected_versions: [] 
@@ -4937,7 +4944,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SAT (System Admin Toolkit) + product: Integrity BL860c, BL870c, BL890c cves: cve-2021-4104: investigated: false @@ -4966,7 +4973,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Scripting Tools for Windows PowerShell (HPEiLOCmdlets) + product: Integrity Rx2800/Rx2900 cves: cve-2021-4104: investigated: false @@ -4995,7 +5002,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SGI MC990 X Server + product: Integrity Superdome 2 cves: cve-2021-4104: investigated: false @@ -5024,7 +5031,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SGI UV 2000 Server + product: Integrity Superdome X cves: cve-2021-4104: investigated: false @@ -5053,7 +5060,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SGI UV 300, 300H, 300RL, 30EX + product: Intelligent Provisioning cves: cve-2021-4104: investigated: false @@ -5082,7 +5089,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SGI UV 3000 Server + product: iSUT integrated smart update tool cves: cve-2021-4104: investigated: false @@ -5111,7 +5118,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SN8700B 8-Slot Director Switch + product: Maven Artifacts (Atlas) cves: cve-2021-4104: investigated: false @@ -5140,7 +5147,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreEasy + product: MSA cves: cve-2021-4104: investigated: false @@ -5169,7 +5176,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreEver CVTL + product: NetEdit cves: cve-2021-4104: investigated: false @@ -5198,7 +5205,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreEver LTO Tape Drives + product: Nimble Storage cves: cve-2021-4104: investigated: false 
@@ -5227,7 +5234,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreEver MSL Tape Libraries + product: NS-T0634-OSM CONSOLE TOOLS cves: cve-2021-4104: investigated: false @@ -5256,7 +5263,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreOnce + product: NS-T0977-SCHEMA VALIDATOR cves: cve-2021-4104: investigated: false @@ -5285,7 +5292,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SUM (Smart Update Manager) + product: OfficeConnect cves: cve-2021-4104: investigated: false @@ -5314,7 +5321,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Superdome Flex 280 + product: Primera Storage cves: cve-2021-4104: investigated: false @@ -5343,7 +5350,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Superdome Flex Server + product: RepoServer part of OPA (on Premises aggregator) cves: cve-2021-4104: investigated: false @@ -5372,7 +5379,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: UAN (User Access Node) + product: Resource Aggregator for Open Distributed Infrastructure Management cves: cve-2021-4104: investigated: false @@ -5400,8 +5407,8 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' - - vendor: HPE/Micro Focus - product: Data Protector + - vendor: HPE + product: RESTful Interface Tool (iLOREST) cves: cve-2021-4104: investigated: false @@ -5409,10 +5416,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '9.09' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -5425,13 +5431,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.microfocus.com/s/article/KM000003243 - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' - last_updated: '2021-12-17T00:00:00' - - vendor: HOLOGIC - product: Advanced Workflow Manager (AWM) + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SAT (System Admin Toolkit) cves: cve-2021-4104: investigated: false @@ -5454,15 +5460,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, the installed - APC PowerChute UPS with Business Edition v9.5 software installed may. APC is - still assessing its PowerChute software to determine if it is vulnerable. + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Unifi Workspace + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Scripting Tools for Windows PowerShell (HPEiLOCmdlets) cves: cve-2021-4104: investigated: false 
@@ -5485,15 +5489,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, the installed - APC PowerChute UPS with Business Edition v9.5 software installed may. APC is - still assessing its PowerChute software to determine if it is vulnerable. + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Faxitron CT Specimen Radiography System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI MC990 X Server cves: cve-2021-4104: investigated: false @@ -5516,16 +5518,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, there is - a utility program installed that may utilize Java and Log4J. This utility program - does not run on startup and is not required for system operation. Please contact - Hologic Service for assistance in removing this program. + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Dimensions / 3Dimensions Mammography System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 2000 Server cves: cve-2021-4104: investigated: false 
@@ -5548,13 +5547,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Affirm Prone Biopsy System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 300, 300H, 300RL, 30EX cves: cve-2021-4104: investigated: false @@ -5577,13 +5576,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Brevera Breast Biopsy System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 3000 Server cves: cve-2021-4104: investigated: false @@ -5606,13 +5605,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Trident HD Specimen Radiography System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SN8700B 8-Slot Director Switch cves: cve-2021-4104: investigated: false 
@@ -5635,13 +5634,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SecurView DX Workstation + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEasy cves: cve-2021-4104: investigated: false @@ -5664,13 +5663,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Cenova Image Analytics Server + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver CVTL cves: cve-2021-4104: investigated: false @@ -5693,13 +5692,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SecurXChange Router + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver LTO Tape Drives cves: cve-2021-4104: investigated: false 
@@ -5722,13 +5721,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Rosetta DC Tomosynthesis Data Converter + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver MSL Tape Libraries cves: cve-2021-4104: investigated: false @@ -5751,13 +5750,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Faxitron Specimen Radiography Systems + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreOnce cves: cve-2021-4104: investigated: false @@ -5780,13 +5779,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Horizon DXA Bone Densitometer + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SUM (Smart Update Manager) cves: cve-2021-4104: investigated: false 
@@ -5809,13 +5808,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Discovery Bone Densitometer + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Superdome Flex 280 cves: cve-2021-4104: investigated: false @@ -5838,13 +5837,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Fluoroscan Insight Mini C-Arm + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Superdome Flex Server cves: cve-2021-4104: investigated: false @@ -5867,13 +5866,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SuperSonic Imagine Ultrasound Products (Aixplorer & Aixplorer Mach) + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: UAN (User Access Node) cves: cve-2021-4104: investigated: false 
@@ -5896,13 +5895,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Windows Selenia Mammography System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE/Micro Focus + product: Data Protector cves: cve-2021-4104: investigated: false @@ -5910,9 +5909,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '9.09' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5925,11 +5925,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + - https://portal.microfocus.com/s/article/KM000003243 notes: '' references: - - '' - last_updated: '2021-12-20T00:00:00' + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + last_updated: '2021-12-17T00:00:00' - vendor: Huawei product: '' cves: diff --git a/data/cisagov_I.yml b/data/cisagov_I.yml index 8c9c197..f07aca1 100644 --- a/data/cisagov_I.yml +++ b/data/cisagov_I.yml @@ -121,7 +121,7 @@ software: - '' last_updated: '2022-01-12T07:18:53+00:00' - vendor: IBM - product: BigFix Compliance + product: Analytics Engine cves: cve-2021-4104: investigated: false 
@@ -143,13 +143,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: BigFix Inventory + product: App Configuration cves: cve-2021-4104: investigated: false @@ -157,9 +158,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - VM Manager Tool & SAP Tool + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -172,15 +172,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: To verify if your instance is affected, go to the lib subdirectory of the - tool (BESClient/LMT/SAPTOOL and BESClient/LMT/VMMAN) and check what version - of log4j is included. Version is included in the name of the library. + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Analytics Engine + product: App Connect cves: cve-2021-4104: investigated: false @@ -209,7 +208,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: App Configuration + product: App ID cves: cve-2021-4104: investigated: false @@ -238,7 +237,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: App Connect + product: Application Gateway cves: cve-2021-4104: investigated: false @@ -267,7 +266,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: App ID + product: Aspera cves: cve-2021-4104: investigated: false 
@@ -296,7 +295,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Application Gateway + product: Aspera Endpoint cves: cve-2021-4104: investigated: false @@ -325,7 +324,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Aspera Endpoint + product: Aspera Enterprise cves: cve-2021-4104: investigated: false @@ -354,7 +353,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Aspera Enterprise + product: Aspera fasp.io cves: cve-2021-4104: investigated: false @@ -383,7 +382,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Aspera fasp.io + product: Bare Metal Servers cves: cve-2021-4104: investigated: false @@ -412,7 +411,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Aspera + product: BigFix Compliance cves: cve-2021-4104: investigated: false @@ -434,14 +433,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:53+00:00' - vendor: IBM - product: Bare Metal Servers + product: BigFix Inventory cves: cve-2021-4104: investigated: false @@ -449,8 +447,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - VM Manager Tool & SAP Tool fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -463,12 +462,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + vendor_links: [] + notes: To verify if your instance is affected, go to the lib subdirectory of the + tool (BESClient/LMT/SAPTOOL and BESClient/LMT/VMMAN) and check what version + of log4j is included. Version is included in the name of the library. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:53+00:00' - vendor: IBM product: Block Storage cves: @@ -6228,7 +6228,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6241,7 +6241,8 @@ software: unaffected_versions: [] vendor_links: - https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day - notes: Older versions of Ignition (7.8 and older) did use the Log4j library, but they used an older version (1.2) that was not affected by this vulnerability. + notes: Older versions of Ignition (7.8 and older) did use the Log4j library, but + they used an older version (1.2) that was not affected by this vulnerability. references: - '' last_updated: '2022-01-19T00:00:00' @@ -6478,7 +6479,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: Datacenter Manager + product: Computer Vision Annotation Tool maintained by Intel cves: cve-2021-4104: investigated: false @@ -6507,7 +6508,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: oneAPI sample browser plugin for Eclipse + product: Datacenter Manager cves: cve-2021-4104: investigated: false @@ -6536,7 +6537,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: System Debugger + product: Genomics Kernel Library cves: cve-2021-4104: investigated: false 
@@ -6565,7 +6566,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: Secure Device Onboard + product: oneAPI sample browser plugin for Eclipse cves: cve-2021-4104: investigated: false @@ -6594,7 +6595,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: Genomics Kernel Library + product: Secure Device Onboard cves: cve-2021-4104: investigated: false @@ -6623,7 +6624,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: System Studio + product: Sensor Solution Firmware Development Kit cves: cve-2021-4104: investigated: false @@ -6652,7 +6653,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: Computer Vision Annotation Tool maintained by Intel + product: System Debugger cves: cve-2021-4104: investigated: false @@ -6681,7 +6682,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: Sensor Solution Firmware Development Kit + product: System Studio cves: cve-2021-4104: investigated: false @@ -6710,7 +6711,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Internet Systems Consortium(ISC) - product: ISC DHCP, aka dhcpd + product: BIND 9 cves: cve-2021-4104: investigated: false @@ -6740,7 +6741,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Internet Systems Consortium(ISC) - product: Kea DHCP + product: ISC DHCP, aka dhcpd cves: cve-2021-4104: investigated: false @@ -6770,7 +6771,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Internet Systems Consortium(ISC) - product: BIND 9 + product: Kea DHCP cves: cve-2021-4104: investigated: false @@ -6988,7 +6989,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7018,7 +7019,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] 
@@ -7048,7 +7049,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7076,8 +7077,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - '6.2.2' - - '6.3.0 to 6.3.3' + - 6.2.2 + - 6.3.0 to 6.3.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7109,7 +7110,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: CETerm (Naurtech) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7139,7 +7170,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7169,7 +7200,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] 
@@ -7199,7 +7230,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: ConnectPro (Termproxy) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7229,7 +7290,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7259,7 +7320,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7289,7 +7350,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7319,7 +7380,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7349,7 +7410,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7379,7 +7440,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] 
@@ -7409,7 +7470,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7427,7 +7488,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: ITSM 6/7 + product: Incapptic Connect cves: cve-2021-4104: investigated: '' @@ -7439,7 +7500,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7457,7 +7518,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Incapptic Connect + product: Insight cves: cve-2021-4104: investigated: '' @@ -7469,7 +7530,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7487,7 +7548,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Insight + product: ITSM 6/7 cves: cve-2021-4104: investigated: '' @@ -7499,7 +7560,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7529,7 +7590,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7559,7 +7620,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7589,7 +7650,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7607,7 +7668,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti EPM - Cloud Service Appliance + product: Ivanti Endpoint Security cves: cve-2021-4104: investigated: '' 
@@ -7619,7 +7680,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7637,7 +7698,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti Endpoint Security + product: Ivanti Environment Manager cves: cve-2021-4104: investigated: '' @@ -7649,7 +7710,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7667,7 +7728,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti Environment Manager + product: Ivanti EPM - Cloud Service Appliance cves: cve-2021-4104: investigated: '' @@ -7679,7 +7740,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7707,15 +7768,15 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2019.1.*' - - '2020.1.*' - - '2020.3.*' - - '2021.1.*' - - '4.4.*' + - 2019.1.* + - 2020.1.* + - 2020.3.* + - 2021.1.* + - 4.4.* fixed_versions: - - '2021.3 HF2' - - '2021.1 HF1' - - '2020.3 HF2' + - 2021.3 HF2 + - 2021.1 HF1 + - 2020.3 HF2 unaffected_versions: [] cve-2021-45046: investigated: '' @@ -7746,7 +7807,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7776,7 +7837,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7806,7 +7867,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7836,7 +7897,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] 
@@ -7866,7 +7927,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7884,7 +7945,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti Service Desk + product: Ivanti Security Controls (Patch ISec) cves: cve-2021-4104: investigated: '' @@ -7896,7 +7957,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7909,12 +7970,13 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: Not Affected. Java is no longer required since version 2018.3U3 Customers on older versions can uninstall JRE on their ISD Servers for mitigation. This will disable indexing of Attachments and Documents for full-text search. + notes: See More INFO for Ivanti Security Controls (Patch ISec) in the Advisory + Page references: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti Service Manager + product: Ivanti Service Desk cves: cve-2021-4104: investigated: '' @@ -7926,7 +7988,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] 
@@ -7939,12 +8001,14 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: '' + notes: Not Affected. Java is no longer required since version 2018.3U3 Customers + on older versions can uninstall JRE on their ISD Servers for mitigation. This + will disable indexing of Attachments and Documents for full-text search. references: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti Service Manager for Neurons (Cloud) + product: Ivanti Service Manager cves: cve-2021-4104: investigated: '' @@ -7956,7 +8020,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7974,7 +8038,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti Security Controls (Patch ISec) + product: Ivanti Service Manager for Neurons (Cloud) cves: cve-2021-4104: investigated: '' @@ -7986,7 +8050,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7999,7 +8063,7 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See More INFO for Ivanti Security Controls (Patch ISec) in the Advisory Page + notes: '' references: - '' last_updated: '2022-01-18T00:00:00' @@ -8016,7 +8080,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8046,7 +8110,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] 
@@ -8076,7 +8140,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8106,7 +8170,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8136,7 +8200,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8166,7 +8230,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8196,7 +8260,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8226,7 +8290,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8254,7 +8318,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'All' + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8286,7 +8350,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8316,7 +8380,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8346,7 +8410,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8374,7 +8438,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'All' + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -8394,7 +8458,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: MobileIron Sentry (Core/Cloud) + product: MobileIron Core Connector cves: cve-2021-4104: investigated: '' @@ -8404,8 +8468,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '9.13' - - '9.14' + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8420,12 +8483,12 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Sentry. + notes: See Advisory details for mitigation instructions for MobileIron Core Connector. references: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: MobileIron Core Connector + product: MobileIron Sentry (Core/Cloud) cves: cve-2021-4104: investigated: '' @@ -8435,7 +8498,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'All' + - '9.13' + - '9.14' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8450,7 +8514,7 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Core Connector. + notes: See Advisory details for mitigation instructions for MobileIron Sentry. references: - '' last_updated: '2022-01-18T00:00:00' @@ -8467,7 +8531,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8497,7 +8561,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] 
@@ -8527,7 +8591,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8545,7 +8609,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse Desktop Client + product: Pulse Connect Secure cves: cve-2021-4104: investigated: '' @@ -8557,7 +8621,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8575,7 +8639,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse Mobile Client + product: Pulse Desktop Client cves: cve-2021-4104: investigated: '' @@ -8587,7 +8651,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8605,7 +8669,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse Services Director + product: Pulse Mobile Client cves: cve-2021-4104: investigated: '' @@ -8617,7 +8681,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8635,7 +8699,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse Virtual Traffic Manager + product: Pulse One cves: cve-2021-4104: investigated: '' @@ -8647,7 +8711,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8665,7 +8729,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse Web Application Firewall + product: Pulse Policy Secure cves: cve-2021-4104: investigated: '' @@ -8677,7 +8741,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] 
@@ -8695,7 +8759,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse Connect Secure + product: Pulse Services Director cves: cve-2021-4104: investigated: '' @@ -8707,7 +8771,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8725,7 +8789,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse One + product: Pulse Virtual Traffic Manager cves: cve-2021-4104: investigated: '' @@ -8737,7 +8801,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8755,7 +8819,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse Policy Secure + product: Pulse Web Application Firewall cves: cve-2021-4104: investigated: '' @@ -8767,7 +8831,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8797,7 +8861,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8827,7 +8891,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8857,7 +8921,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8887,7 +8951,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8917,7 +8981,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] 
@@ -8947,7 +9011,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8977,7 +9041,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8995,7 +9059,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: ConnectPro (Termproxy) + product: Virtual Desktop Extender cves: cve-2021-4104: investigated: '' @@ -9007,7 +9071,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] 
@@ -9037,67 +9101,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' - cve-2021-45046: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: '' - references: - - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: CETerm (Naurtech) - cves: - cve-2021-4104: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' - cve-2021-45046: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: '' - references: - - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Virtual Desktop Extender - cves: - cve-2021-4104: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -9127,7 +9131,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] diff --git a/data/cisagov_J.yml b/data/cisagov_J.yml index 3ab71be..c5139ee 100644 --- a/data/cisagov_J.yml +++ b/data/cisagov_J.yml 
@@ -209,9 +209,8 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: JetBrains - product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, - IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, - Rider, RubyMine, WebStorm) + product: All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, + dotCover, dotPeek) cves: cve-2021-4104: investigated: false @@ -240,9 +239,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, - dotCover, dotPeek) + - vendor: Jetbrains + product: Code With Me cves: cve-2021-4104: investigated: false @@ -252,9 +250,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -272,7 +270,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: ToolBox + product: Datalore cves: cve-2021-4104: investigated: false @@ -302,7 +300,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: TeamCity + product: Floating license server cves: cve-2021-4104: investigated: false @@ -312,9 +310,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Unknown + fixed_versions: + - '30211' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -326,13 +324,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://youtrack.jetbrains.com/issue/TW-74298 + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: Hub + product: Gateway cves: cve-2021-4104: investigated: false @@ -342,9 +340,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 2021.1.14080 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -356,13 +354,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/ + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: YouTrack Standalone + product: Hub cves: cve-2021-4104: investigated: false @@ -373,7 +371,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 2021.4.35970 + - 2021.1.14080 unaffected_versions: [] cve-2021-45046: investigated: false @@ -386,13 +384,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/ + - https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: YouTrack InCloud + product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, + IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, + Rider, RubyMine, WebStorm) cves: cve-2021-4104: investigated: false 
@@ -402,9 +402,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - Unknown - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -422,7 +422,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: Datalore + product: Kotlin cves: cve-2021-4104: investigated: false @@ -452,7 +452,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: Space + product: Ktor cves: cve-2021-4104: investigated: false @@ -481,8 +481,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Jetbrains - product: Code With Me + - vendor: JetBrains + product: MPS cves: cve-2021-4104: investigated: false @@ -492,9 +492,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - Unknown - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -512,7 +512,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: Gateway + product: Space cves: cve-2021-4104: investigated: false @@ -542,7 +542,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: Kotlin + product: TeamCity cves: cve-2021-4104: investigated: false @@ -566,13 +566,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://youtrack.jetbrains.com/issue/TW-74298 notes: '' references: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: Ktor + product: ToolBox cves: cve-2021-4104: investigated: false @@ -602,7 +602,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: MPS + product: UpSource cves: cve-2021-4104: investigated: false 
@@ -612,9 +612,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Unknown + fixed_versions: + - 2020.1.1952 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -632,7 +632,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: Floating license server + product: YouTrack InCloud cves: cve-2021-4104: investigated: false @@ -643,7 +643,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '30211' + - Unknown unaffected_versions: [] cve-2021-45046: investigated: false @@ -662,7 +662,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: UpSource + product: YouTrack Standalone cves: cve-2021-4104: investigated: false @@ -673,7 +673,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 2020.1.1952 + - 2021.4.35970 unaffected_versions: [] cve-2021-45046: investigated: false @@ -686,7 +686,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/ notes: '' references: - '' @@ -778,8 +778,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: jPOS - product: (ISO-8583) bridge + - vendor: Johnson Controls + product: BCPro cves: cve-2021-4104: investigated: false @@ -791,7 +791,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - All versions cve-2021-45046: investigated: false affected_versions: [] 
@@ -803,13 +803,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: C•CURE‐9000 + product: CEM AC2000 cves: cve-2021-4104: investigated: false @@ -821,7 +821,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.90.x (all 2.90 versions) + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -839,7 +839,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: C•CURE‐9000 + product: CEM Hardware Products cves: cve-2021-4104: investigated: false @@ -851,7 +851,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.80.x (all 2.80 versions) + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -869,7 +869,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: C•CURE‐9000 + product: CloudVue Gateway cves: cve-2021-4104: investigated: false @@ -881,7 +881,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.70 (All versions) + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -899,7 +899,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: C•CURE‐9000 + product: CloudVue Web cves: cve-2021-4104: investigated: false @@ -911,7 +911,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.60 (All versions) + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -929,7 +929,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: victor + product: C•CURE‐9000 cves: cve-2021-4104: investigated: false 
@@ -941,7 +941,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 5.x + - 2.90.x (all 2.90 versions) cve-2021-45046: investigated: false affected_versions: [] @@ -959,7 +959,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: victor/ C•CURE‐9000 Unified + product: C•CURE‐9000 cves: cve-2021-4104: investigated: false @@ -971,7 +971,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 + - 2.80.x (all 2.80 versions) cve-2021-45046: investigated: false affected_versions: [] @@ -989,7 +989,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: victor/ C•CURE‐9000 Unified + product: C•CURE‐9000 cves: cve-2021-4104: investigated: false @@ -1001,7 +1001,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.91.x / victor 5.6.1 / C•CURE‐9000 2.90 + - 2.70 (All versions) cve-2021-45046: investigated: false affected_versions: [] @@ -1019,7 +1019,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Metasys Products and Tools + product: C•CURE‐9000 cves: cve-2021-4104: investigated: false @@ -1031,7 +1031,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 2.60 (All versions) cve-2021-45046: investigated: false affected_versions: [] @@ -1049,7 +1049,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Facility Explorer + product: DLS cves: cve-2021-4104: investigated: false @@ -1061,7 +1061,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 14.x + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -1079,7 +1079,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: CEM AC2000 + product: Entrapass cves: cve-2021-4104: investigated: false 
@@ -1109,7 +1109,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: CEM Hardware Products + product: exacqVision Client cves: cve-2021-4104: investigated: false @@ -1139,7 +1139,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Illustra Cameras + product: exacqVision Server cves: cve-2021-4104: investigated: false @@ -1169,7 +1169,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Illustra Insight + product: exacqVision WebService cves: cve-2021-4104: investigated: false @@ -1199,7 +1199,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Tyco AI + product: Facility Explorer cves: cve-2021-4104: investigated: false @@ -1211,7 +1211,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 14.x cve-2021-45046: investigated: false affected_versions: [] @@ -1229,7 +1229,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: DLS + product: Illustra Cameras cves: cve-2021-4104: investigated: false @@ -1259,7 +1259,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Entrapass + product: Illustra Insight cves: cve-2021-4104: investigated: false @@ -1289,7 +1289,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: CloudVue Web + product: iSTAR cves: cve-2021-4104: investigated: false @@ -1319,7 +1319,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: CloudVue Gateway + product: Metasys Products and Tools cves: cve-2021-4104: investigated: false @@ -1349,7 +1349,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Qolsys IQ Panels + product: PowerSeries NEO cves: cve-2021-4104: investigated: false 
@@ -1379,7 +1379,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: PowerSeries NEO + product: PowerSeries Pro cves: cve-2021-4104: investigated: false @@ -1409,7 +1409,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: PowerSeries Pro + product: Qolsys IQ Panels cves: cve-2021-4104: investigated: false @@ -1469,7 +1469,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: VideoEdge + product: Tyco AI cves: cve-2021-4104: investigated: false @@ -1481,7 +1481,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 5.x + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -1499,7 +1499,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: exacqVision Server + product: victor cves: cve-2021-4104: investigated: false @@ -1511,7 +1511,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 5.x cve-2021-45046: investigated: false affected_versions: [] @@ -1529,7 +1529,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: exacqVision Client + product: victor/ C•CURE‐9000 Unified cves: cve-2021-4104: investigated: false @@ -1541,7 +1541,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 cve-2021-45046: investigated: false affected_versions: [] @@ -1559,7 +1559,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: exacqVision WebService + product: victor/ C•CURE‐9000 Unified cves: cve-2021-4104: investigated: false @@ -1571,7 +1571,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 3.91.x / victor 5.6.1 / C•CURE‐9000 2.90 cve-2021-45046: investigated: false affected_versions: [] 
@@ -1589,7 +1589,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: BCPro + product: VideoEdge cves: cve-2021-4104: investigated: false @@ -1601,7 +1601,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 5.x cve-2021-45046: investigated: false affected_versions: [] @@ -1618,8 +1618,8 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: iSTAR + - vendor: Journyx + product: '' cves: cve-2021-4104: investigated: false @@ -1627,11 +1627,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1643,13 +1642,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228- notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Journyx - product: '' + last_updated: '2022-01-12T07:18:54+00:00' + - vendor: jPOS + product: (ISO-8583) bridge cves: cve-2021-4104: investigated: false @@ -1657,10 +1656,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -1672,7 +1672,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228- + - https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625 notes: '' references: - '' 
diff --git a/data/cisagov_L.yml b/data/cisagov_L.yml index 11c83aa..ee4821e 100644 --- a/data/cisagov_L.yml +++ b/data/cisagov_L.yml @@ -614,7 +614,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND-ADVANCE + product: BOND Controller cves: cve-2021-4104: investigated: false @@ -643,7 +643,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND Controller + product: BOND RX cves: cve-2021-4104: investigated: false @@ -672,7 +672,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND-III + product: BOND RXm cves: cve-2021-4104: investigated: false @@ -701,7 +701,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND-MAX + product: BOND-ADVANCE cves: cve-2021-4104: investigated: false @@ -730,7 +730,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND RX + product: BOND-III cves: cve-2021-4104: investigated: false @@ -759,7 +759,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND RXm + product: BOND-MAX cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index 987e2bb..42ad7ab 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -63,7 +63,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: ManageEngine - product: Servicedesk Plus + product: AD SelfService Plus cves: cve-2021-4104: investigated: false @@ -72,10 +72,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '11305 and below' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Build 6.1 build 6114 cve-2021-45046: investigated: false affected_versions: [] 
@@ -86,14 +86,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.manageengine.com/products/service-desk/security-response-plan.html + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2021-12-27T00:00:00' - vendor: ManageEngine - product: AD SelfService Plus + product: Servicedesk Plus cves: cve-2021-4104: investigated: false @@ -102,10 +101,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 11305 and below fixed_versions: [] - unaffected_versions: - - 'Build 6.1 build 6114' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -116,11 +115,12 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.manageengine.com/products/service-desk/security-response-plan.html notes: '' references: - '' - last_updated: '2021-12-27T00:00:00' + last_updated: '2021-12-15T00:00:00' - vendor: ManageEngine Zoho product: '' cves: @@ -151,7 +151,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: ManageEngine Zoho - product: ADManager Plus + product: ADAudit Plus cves: cve-2021-4104: investigated: false @@ -180,7 +180,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: ADAudit Plus + product: ADManager Plus cves: cve-2021-4104: investigated: false @@ -209,7 +209,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: DataSecurity Plus + product: Analytics Plus cves: cve-2021-4104: investigated: false @@ -238,7 +238,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: EventLog Analyzer + product: Cloud Security Plus cves: cve-2021-4104: investigated: false 
@@ -267,7 +267,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: M365 Manager Plus + product: DataSecurity Plus cves: cve-2021-4104: investigated: false @@ -296,7 +296,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: RecoveryManager Plus + product: EventLog Analyzer cves: cve-2021-4104: investigated: false @@ -412,7 +412,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: Cloud Security Plus + product: M365 Manager Plus cves: cve-2021-4104: investigated: false @@ -470,7 +470,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: Analytics Plus + product: RecoveryManager Plus cves: cve-2021-4104: investigated: false @@ -569,7 +569,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -598,7 +598,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.59.10+' + - 1.59.10+ unaffected_versions: [] cve-2021-45046: investigated: false @@ -927,7 +927,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: ePolicy Orchestrator Application Server (ePO) + product: Enterprise Security Manager (ESM) cves: cve-2021-4104: investigated: false @@ -938,7 +938,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '5.10 CU11' + - 11.5.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -985,7 +985,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Host Intrusion Prevention (Host IPS) + product: ePolicy Orchestrator Application Server (ePO) cves: cve-2021-4104: investigated: false 
@@ -993,9 +993,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 5.10 CU11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1007,13 +1008,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Management of Native Encryption (MNE) + product: Host Intrusion Prevention (Host IPS) cves: cve-2021-4104: investigated: false @@ -1041,7 +1043,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Active Response (MAR) + product: Management of Native Encryption (MNE) cves: cve-2021-4104: investigated: false @@ -1069,7 +1071,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Agent (MA) + product: McAfee Active Response (MAR) cves: cve-2021-4104: investigated: false @@ -1097,7 +1099,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Application and Change Control (MACC) for Linux + product: McAfee Agent (MA) cves: cve-2021-4104: investigated: false @@ -1125,7 +1127,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Application and Change Control (MACC) for Windows + product: McAfee Application and Change Control (MACC) for Linux cves: cve-2021-4104: investigated: false @@ -1153,7 +1155,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Client Proxy (MCP) for Mac + product: McAfee Application and Change Control (MACC) for Windows cves: cve-2021-4104: investigated: false 
@@ -1181,7 +1183,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Client Proxy (MCP) for Windows + product: McAfee Client Proxy (MCP) for Mac cves: cve-2021-4104: investigated: false @@ -1209,7 +1211,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Drive Encryption (MDE) + product: McAfee Client Proxy (MCP) for Windows cves: cve-2021-4104: investigated: false @@ -1237,7 +1239,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Security for Microsoft Exchange (MSME) + product: McAfee Drive Encryption (MDE) cves: cve-2021-4104: investigated: false @@ -1265,7 +1267,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Security for Microsoft SharePoint (MSMS) + product: McAfee Security for Microsoft Exchange (MSME) cves: cve-2021-4104: investigated: false @@ -1321,7 +1323,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Enterprise Security Manager (ESM) + product: McAfee Security for Microsoft SharePoint (MSMS) cves: cve-2021-4104: investigated: false @@ -1329,10 +1331,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '11.5.3' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1344,8 +1345,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + vendor_links: [] notes: '' references: - '' @@ -1637,8 +1637,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Microsoft - product: Azure Application Gateway + - vendor: Micro Focus + product: Data Protector cves: cve-2021-4104: investigated: false 
@@ -1646,9 +1646,19 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '10.20' + - '10.30' + - '10.40' + - '10.50' + - '10.60' + - '10.70' + - '10.80' + - '10.90' + - '10.91' + - '11.00' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1661,11 +1671,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ + - https://portal.microfocus.com/s/article/KM000003052 notes: '' references: - - '' - last_updated: '2022-01-12T07:18:54+00:00' + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + last_updated: '2021-12-13T00:00:00' - vendor: Microsoft product: Azure API Gateway cves: @@ -1696,7 +1706,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: Microsoft - product: Azure Data lake store java + product: Azure Application Gateway cves: cve-2021-4104: investigated: false @@ -1704,9 +1714,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '< 2.3.10' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1720,7 +1729,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 + - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ notes: '' references: - '' @@ -1736,7 +1745,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '< 2.3.10' + - < 2.3.10 fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -1756,7 +1765,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: Microsoft - product: Azure DevOps Server + product: Azure Data lake store java cves: cve-2021-4104: investigated: false @@ -1766,7 +1775,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2019.0 - 2020.1' + - < 2.3.10 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1780,7 +1789,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 + - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 notes: '' references: - '' @@ -1815,7 +1824,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: Microsoft - product: Azure Traffic Manager + product: Azure DevOps Server cves: cve-2021-4104: investigated: false @@ -1823,8 +1832,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2019.0 - 2020.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1838,13 +1848,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ + - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 notes: '' references: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: Microsoft - product: Team Foundation Server + product: Azure Traffic Manager cves: cve-2021-4104: investigated: false @@ -1852,9 +1862,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '2018.2+' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -1868,13 +1877,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 + - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ notes: '' references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Microstrategy - product: '' + - vendor: Microsoft + product: Team Foundation Server cves: cve-2021-4104: investigated: false @@ -1882,8 +1891,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2018.2+ fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1897,13 +1907,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-CVE-2021-44228-The-Log4j-0-Day-Vulnerability?language=en_US + - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 notes: '' references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Micro Focus - product: Data Protector + - vendor: Microstrategy + product: '' cves: cve-2021-4104: investigated: false @@ -1911,19 +1921,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '10.20' - - '10.30' - - '10.40' - - '10.50' - - '10.60' - - '10.70' - - '10.80' - - '10.90' - - '10.91' - - '11.00' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -1936,11 +1936,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.microfocus.com/s/article/KM000003052 + - https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-CVE-2021-44228-The-Log4j-0-Day-Vulnerability?language=en_US notes: '' references: - - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' - last_updated: '2021-12-13T00:00:00' + - '' + last_updated: '2022-01-12T07:18:54+00:00' - vendor: Midori Global product: '' cves: @@ -2538,7 +2538,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2551,7 +2551,9 @@ software: unaffected_versions: [] vendor_links: - https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability - notes: Moxa is investigating to determine if any of our products are affected by this vulnerability. At the time of publication, none of Moxa's products are affected. + notes: Moxa is investigating to determine if any of our products are affected + by this vulnerability. At the time of publication, none of Moxa's products are + affected. references: - '' last_updated: '2022-01-19T00:00:00' @@ -2586,7 +2588,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: Mulesoft - product: Mule Runtime + product: Anypoint Studio cves: cve-2021-4104: investigated: false @@ -2596,8 +2598,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '3.x' - - '4.x' + - 7.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2618,7 +2619,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Mulesoft - product: Mule Agent + product: Cloudhub cves: cve-2021-4104: investigated: false 
@@ -2626,9 +2627,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '6.x' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2649,7 +2649,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Mulesoft - product: Cloudhub + product: Mule Agent cves: cve-2021-4104: investigated: false @@ -2657,8 +2657,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 6.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2679,7 +2680,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Mulesoft - product: Anypoint Studio + product: Mule Runtime cves: cve-2021-4104: investigated: false @@ -2689,7 +2690,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - '7.x' + - 3.x + - 4.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: diff --git a/data/cisagov_N.yml b/data/cisagov_N.yml index 3ce3b55..bcb7474 100644 --- a/data/cisagov_N.yml +++ b/data/cisagov_N.yml @@ -102,9 +102,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'Vertica' - - 'Cloudera' - - 'Logstash' + - Vertica + - Cloudera + - Logstash fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -136,7 +136,7 @@ software: investigated: true affected_versions: - '>4.2' - - '<4..2.12' + - <4..2.12 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -282,7 +282,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '3.0.57' + - 3.0.57 unaffected_versions: [] cve-2021-45046: investigated: false @@ -312,7 +312,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '<7.4.3' + - <7.4.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -374,7 +374,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '21.04.0.5552' + - 21.04.0.5552 cve-2021-45046: investigated: false affected_versions: [] @@ -1343,7 +1343,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: Leap + product: LCM cves: cve-2021-4104: investigated: false @@ -1351,10 +1351,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1367,12 +1368,12 @@ software: unaffected_versions: [] vendor_links: - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: LCM + product: Leap cves: cve-2021-4104: investigated: false @@ -1380,11 +1381,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1397,7 +1397,7 @@ software: unaffected_versions: [] vendor_links: - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: '' + notes: Saas-Based Procuct. See Advisory. references: - '' last_updated: '2021-12-20T00:00:00' diff --git a/data/cisagov_O.yml b/data/cisagov_O.yml index 4751f7c..89b0d7b 100644 --- a/data/cisagov_O.yml +++ b/data/cisagov_O.yml @@ -295,7 +295,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: Okta - product: Okta RADIUS Server Agent + product: Okta On-Prem MFA Agent cves: cve-2021-4104: investigated: false 
@@ -305,7 +305,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 2.17.0 + - < 1.4.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -319,13 +319,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228 + - https://trust.okta.com/security-advisories/okta-on-prem-mfa-agent-cve-2021-44228 notes: '' references: - '' last_updated: '2021-12-12T00:00:00' - vendor: Okta - product: Okta Verify + product: Okta RADIUS Server Agent cves: cve-2021-4104: investigated: false @@ -333,8 +333,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - < 2.17.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -348,13 +349,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228 notes: '' references: - '' last_updated: '2021-12-12T00:00:00' - vendor: Okta - product: Okta Workflows + product: Okta Verify cves: cve-2021-4104: investigated: false @@ -383,7 +384,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: Okta - product: Okta On-Prem MFA Agent + product: Okta Workflows cves: cve-2021-4104: investigated: false @@ -391,9 +392,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 1.4.6 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -407,7 +407,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://trust.okta.com/security-advisories/okta-on-prem-mfa-agent-cve-2021-44228 + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' 
@@ -587,7 +587,7 @@ software: - '' last_updated: '2021-12-23T00:00:00' - vendor: Opto 22 - product: GRV-EPIC-PR1, GRV-EPIC-PR2 + product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP cves: cve-2021-4104: investigated: false @@ -597,9 +597,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 3.3.2 + - < 4.3g fixed_versions: - - 3.3.2 + - 4.3g unaffected_versions: [] cve-2021-45046: investigated: false @@ -618,7 +618,7 @@ software: - '' last_updated: '2022-01-13T00:00:00' - vendor: Opto 22 - product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP + product: GROOV-AT1, GROOV-AT1-SNAP cves: cve-2021-4104: investigated: false @@ -649,7 +649,7 @@ software: - '' last_updated: '2022-01-13T00:00:00' - vendor: Opto 22 - product: GROOV-AT1, GROOV-AT1-SNAP + product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP cves: cve-2021-4104: investigated: false @@ -680,7 +680,7 @@ software: - '' last_updated: '2022-01-13T00:00:00' - vendor: Opto 22 - product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP + product: GRV-EPIC-PR1, GRV-EPIC-PR2 cves: cve-2021-4104: investigated: false @@ -690,9 +690,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 4.3g + - < 3.3.2 fixed_versions: - - 4.3g + - 3.3.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -741,7 +741,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Oracle - product: Exadata + product: Enterprise Manager cves: cve-2021-4104: investigated: false @@ -751,7 +751,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - <21.3.4 + - '13.5' + - 13.4 & 13.3.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -773,7 +774,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Oracle - product: Enterprise Manager + product: Exadata cves: cve-2021-4104: investigated: false 
@@ -783,8 +784,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '13.5' - - 13.4 & 13.3.2 + - <21.3.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: diff --git a/data/cisagov_Q.yml b/data/cisagov_Q.yml index d877f90..a51cbb4 100644 --- a/data/cisagov_Q.yml +++ b/data/cisagov_Q.yml @@ -63,7 +63,7 @@ software: - '' last_updated: '2022-01-12T07:18:55+00:00' - vendor: QMATIC - product: Orchestra Central + product: Appointment Booking cves: cve-2021-4104: investigated: false @@ -72,10 +72,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.4+ fixed_versions: [] - unaffected_versions: - - 6.0+ + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -88,7 +88,7 @@ software: unaffected_versions: [] vendor_links: - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: '' + notes: Update to v. 2.8.2 which contains log4j 2.16 references: - '' last_updated: '2021-12-21T00:00:00' @@ -103,7 +103,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2.4+ + - Cloud/Managed Service fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -118,7 +118,7 @@ software: unaffected_versions: [] vendor_links: - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: Update to v. 2.8.2 which contains log4j 2.16 + notes: log4j 2.16 applied 2021-12-15 references: - '' last_updated: '2021-12-21T00:00:00' @@ -153,7 +153,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: QMATIC - product: Appointment Booking + product: Orchestra Central cves: cve-2021-4104: investigated: false 
@@ -162,10 +162,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Cloud/Managed Service + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 6.0+ cve-2021-45046: investigated: false affected_versions: [] @@ -178,7 +178,7 @@ software: unaffected_versions: [] vendor_links: - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: log4j 2.16 applied 2021-12-15 + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index 3ef818e..fa14507 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -756,7 +756,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Samsung Electronics America - product: Knox Reseller Portal + product: Knox Admin Portal cves: cve-2021-4104: investigated: false @@ -766,15 +766,15 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 'Cloud' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: true affected_versions: [] - fixed_versions: - - 'Cloud' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] @@ -787,7 +787,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Manage + product: Knox Asset Intelligence cves: cve-2021-4104: investigated: false @@ -797,15 +797,15 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 'Cloud' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: true affected_versions: [] - fixed_versions: - - 'Cloud' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] 
@@ -818,7 +818,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Admin Portal + product: Knox Configure cves: cve-2021-4104: investigated: false @@ -830,13 +830,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -849,7 +849,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Mobile Enrollment + product: Knox E-FOTA One cves: cve-2021-4104: investigated: false @@ -861,13 +861,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -880,7 +880,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Configure + product: Knox Guard cves: cve-2021-4104: investigated: false @@ -892,13 +892,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -911,7 +911,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Asset Intelligence + product: Knox License Management cves: cve-2021-4104: investigated: false @@ -923,13 +923,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] 
@@ -942,7 +942,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox E-FOTA One + product: Knox Manage cves: cve-2021-4104: investigated: false @@ -952,15 +952,15 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] @@ -985,13 +985,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -1004,7 +1004,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Guard + product: Knox Mobile Enrollment cves: cve-2021-4104: investigated: false @@ -1016,13 +1016,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -1035,7 +1035,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox License Management + product: Knox Reseller Portal cves: cve-2021-4104: investigated: false 
@@ -1045,15 +1045,15 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] @@ -1361,7 +1361,7 @@ software: - '' last_updated: '2022-01-12T07:18:55+00:00' - vendor: Schneider Electric - product: EcoStruxure IT Gateway + product: EASYFIT cves: cve-2021-4104: investigated: false @@ -1370,9 +1370,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - V1.5.0 to V1.13.0 + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1385,13 +1385,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ecostruxureit.com/download-and-set-upecostruxureit-gateway/ + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: EcoStruxure IT Expert + product: Ecoreal XL cves: cve-2021-4104: investigated: false @@ -1400,9 +1400,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - Cloud + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -1414,13 +1414,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: Facility Expert Small Business + product: EcoStruxure IT Expert cves: cve-2021-4104: investigated: false @@ -1443,14 +1444,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + vendor_links: [] notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: Wiser by SE platform + product: EcoStruxure IT Gateway cves: cve-2021-4104: investigated: false @@ -1461,7 +1461,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Cloud + - V1.5.0 to V1.13.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1473,13 +1473,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://ecostruxureit.com/download-and-set-upecostruxureit-gateway/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: EASYFIT + product: Eurotherm Data Reviewer cves: cve-2021-4104: investigated: false @@ -1489,7 +1490,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - V3.0.2 and prior fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1509,7 +1510,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: Ecoreal XL + product: Facility Expert Small Business cves: cve-2021-4104: investigated: false 
@@ -1518,9 +1519,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Current software and earlier - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -1539,7 +1540,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: Eurotherm Data Reviewer + product: MSE cves: cve-2021-4104: investigated: false @@ -1549,7 +1550,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - V3.0.2 and prior + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1569,7 +1570,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: MSE + product: NetBotz750/755 cves: cve-2021-4104: investigated: false @@ -1579,7 +1580,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - Software versions 5.0 through 5.3.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1599,7 +1600,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: NetBotz750/755 + product: NEW630 cves: cve-2021-4104: investigated: false @@ -1609,7 +1610,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Software versions 5.0 through 5.3.0 + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1629,7 +1630,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: NEW630 + product: SDK BOM cves: cve-2021-4104: investigated: false @@ -1659,7 +1660,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SDK BOM + product: SDK-Docgen cves: cve-2021-4104: investigated: false 
@@ -1689,7 +1690,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SDK-Docgen + product: SDK-TNC cves: cve-2021-4104: investigated: false @@ -1719,7 +1720,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SDK-TNC + product: SDK-UMS cves: cve-2021-4104: investigated: false @@ -1749,7 +1750,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SDK-UMS + product: SDK3D2DRenderer cves: cve-2021-4104: investigated: false @@ -1779,7 +1780,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SDK3D2DRenderer + product: SDK3D360Widget cves: cve-2021-4104: investigated: false @@ -1809,7 +1810,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SDK3D360Widget + product: Select and Config DATA cves: cve-2021-4104: investigated: false @@ -1839,7 +1840,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: Select and Config DATA + product: SNC-API cves: cve-2021-4104: investigated: false @@ -1869,7 +1870,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SNC-API + product: SNC-CMM cves: cve-2021-4104: investigated: false @@ -1899,7 +1900,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SNC-CMM + product: SNCSEMTECH cves: cve-2021-4104: investigated: false @@ -1929,7 +1930,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SNCSEMTECH + product: SPIMV3 cves: cve-2021-4104: investigated: false @@ -1959,7 +1960,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SPIMV3 + product: SWBEditor cves: cve-2021-4104: investigated: false 
@@ -1989,7 +1990,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SWBEditor + product: SWBEngine cves: cve-2021-4104: investigated: false @@ -2019,7 +2020,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SWBEngine + product: Wiser by SE platform cves: cve-2021-4104: investigated: false @@ -2028,9 +2029,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Current software and earlier - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -2042,8 +2043,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + vendor_links: [] notes: '' references: - '' @@ -2252,7 +2252,7 @@ software: - '' last_updated: '2022-01-12T07:18:55+00:00' - vendor: Securonix - product: SNYPR Application + product: Extended Detection and Response (XDR) cves: cve-2021-4104: investigated: false @@ -2260,8 +2260,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2275,8 +2276,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-OnPrem-Customer-Update.pdf - notes: '' + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 references: - '' last_updated: '2021-12-10T00:00:00' 
@@ -2311,7 +2312,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: Securonix - product: User and Entity Behavior Analytics(UEBA) + product: Security Analytics and Operations Platform (SOAR) cves: cve-2021-4104: investigated: false @@ -2341,7 +2342,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: Securonix - product: Security Analytics and Operations Platform (SOAR) + product: SNYPR Application cves: cve-2021-4104: investigated: false @@ -2349,9 +2350,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2365,13 +2365,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-OnPrem-Customer-Update.pdf + notes: '' references: - '' last_updated: '2021-12-10T00:00:00' - vendor: Securonix - product: Extended Detection and Response (XDR) + product: User and Entity Behavior Analytics(UEBA) cves: cve-2021-4104: investigated: false @@ -2906,7 +2906,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: DICOM Proxy VB10A + product: Cios Flow S1 / Alpha / Spin VA30 cves: cve-2021-4104: investigated: false @@ -2930,12 +2930,12 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + notes: evaluation ongoing references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Somatom Scope Som5 VC50 + product: Cios Select FD/I.I. VA21 / VA21-S3P cves: cve-2021-4104: investigated: false 
@@ -2964,7 +2964,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Somatom Emotion Som5 VC50 + product: DICOM Proxy VB10A cves: cve-2021-4104: investigated: false @@ -2988,7 +2988,7 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' last_updated: '2021-12-22T00:00:00' @@ -3546,7 +3546,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A + product: SENSIS DMCC / DMCM / TS / VM / PPWS / DS VD12A cves: cve-2021-4104: investigated: false @@ -3570,12 +3570,12 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + notes: evaluation ongoing references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Syngo MobileViewer VA10A + product: Somatom Emotion Som5 VC50 cves: cve-2021-4104: investigated: false @@ -3599,13 +3599,12 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: The vulnerability will be patch/mitigated in upcoming releases\patches. + notes: evaluation ongoing references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 - / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 + product: Somatom Scope Som5 VC50 cves: cve-2021-4104: investigated: false 
@@ -3629,13 +3628,12 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + notes: evaluation ongoing references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 - - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 + product: Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A cves: cve-2021-4104: investigated: false @@ -3659,15 +3657,12 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: Please contact your Customer Service to get support on mitigating the vulnerability. + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 - - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B - / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 - / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 + product: Syngo MobileViewer VA10A cves: cve-2021-4104: investigated: false 
@@ -3691,12 +3686,13 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + notes: The vulnerability will be patch/mitigated in upcoming releases\patches. references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: SENSIS DMCC / DMCM / TS / VM / PPWS / DS VD12A + product: syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 + / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 cves: cve-2021-4104: investigated: false @@ -3720,12 +3716,13 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Cios Select FD/I.I. VA21 / VA21-S3P + product: syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 + - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 cves: cve-2021-4104: investigated: false @@ -3749,12 +3746,15 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + notes: Please contact your Customer Service to get support on mitigating the vulnerability. references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Cios Flow S1 / Alpha / Spin VA30 + product: syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 + - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B + / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 + / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 cves: cve-2021-4104: investigated: false 
@@ -3778,7 +3778,7 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' last_updated: '2021-12-22T00:00:00' @@ -3901,7 +3901,7 @@ software: - '' last_updated: '2022-01-12T07:18:55+00:00' - vendor: Sierra Wireless - product: AM/AMM servers + product: AirVantage and Octave cloud platforms cves: cve-2021-4104: investigated: false @@ -3925,12 +3925,13 @@ software: unaffected_versions: [] vendor_links: - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs - notes: '' + notes: These systems do not operate with the specific non-standard configuration + required for CVE-2021-25046 and hence were not vulnerable to it. references: - '' last_updated: '2022-01-05T00:00:00' - vendor: Sierra Wireless - product: AirVantage and Octave cloud platforms + product: AM/AMM servers cves: cve-2021-4104: investigated: false @@ -3954,8 +3955,7 @@ software: unaffected_versions: [] vendor_links: - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs - notes: These systems do not operate with the specific non-standard configuration - required for CVE-2021-25046 and hence were not vulnerable to it. + notes: '' references: - '' last_updated: '2022-01-05T00:00:00' @@ -4283,8 +4283,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Snakemake - product: Snakemake + - vendor: Sn0m + product: '' cves: cve-2021-4104: investigated: false 
@@ -4292,11 +4292,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 6.12.1 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4308,13 +4307,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://snakemake.readthedocs.io/en/stable/ + - https://www.snom.com/en/press/log4j-poses-no-threat-snom-phones/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Sn0m - product: '' + last_updated: '2022-01-12T07:18:55+00:00' + - vendor: Snakemake + product: Snakemake cves: cve-2021-4104: investigated: false @@ -4322,10 +4321,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 6.12.1 cve-2021-45046: investigated: false affected_versions: [] @@ -4337,11 +4337,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.snom.com/en/press/log4j-poses-no-threat-snom-phones/ + - https://snakemake.readthedocs.io/en/stable/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Snow Software product: Snow Commander cves: @@ -4645,7 +4645,7 @@ software: - '' last_updated: '2021-12-29T00:00:00' - vendor: SonicWall - product: Capture Client & Capture Client Portal + product: Access Points cves: cve-2021-4104: investigated: false 
@@ -4669,12 +4669,12 @@ software: unaffected_versions: [] vendor_links: - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the Capture Client. + notes: Log4j2 not used in the SonicWall Access Points references: - '' last_updated: '2021-12-12T00:00:00' - vendor: SonicWall - product: Access Points + product: Analytics cves: cve-2021-4104: investigated: false @@ -4698,12 +4698,12 @@ software: unaffected_versions: [] vendor_links: - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the SonicWall Access Points + notes: Under Review references: - '' last_updated: '2021-12-12T00:00:00' - vendor: SonicWall - product: Analytics + product: Analyzer cves: cve-2021-4104: investigated: false @@ -4732,7 +4732,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: SonicWall - product: Analyzer + product: Capture Client & Capture Client Portal cves: cve-2021-4104: investigated: false @@ -4756,7 +4756,7 @@ software: unaffected_versions: [] vendor_links: - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + notes: Log4j2 not used in the Capture Client. references: - '' last_updated: '2021-12-12T00:00:00' @@ -5553,7 +5553,7 @@ software: - '' last_updated: '2022-01-12T07:18:55+00:00' - vendor: Spacelabs Healthcare - product: XprezzNet + product: ABP cves: cve-2021-4104: investigated: false @@ -5565,7 +5565,9 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '96190' + - OnTrak + - 90217A + - and 90207 cve-2021-45046: investigated: false affected_versions: [] @@ -5583,7 +5585,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Intesys Clinical Suite (ICS) + product: CardioExpress cves: cve-2021-4104: investigated: false 
@@ -5591,10 +5593,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - SL6A + - SL12A + - and SL18A cve-2021-45046: investigated: false affected_versions: [] @@ -5612,7 +5617,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Intesys Clinical Suite (ICS) Clinical Access Workstations + product: DM3 and DM4 Monitors cves: cve-2021-4104: investigated: false @@ -5641,7 +5646,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Xhibit Telemetry Receiver (XTR) + product: Eclipse Pro cves: cve-2021-4104: investigated: false @@ -5649,11 +5654,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '96280' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5671,7 +5675,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Xhibit, XC4 + product: EVO cves: cve-2021-4104: investigated: false @@ -5679,12 +5683,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Xhibit 96102 - - XC4 96501 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5702,7 +5704,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Xprezzon + product: Intesys Clinical Suite (ICS) cves: cve-2021-4104: investigated: false 
@@ -5710,11 +5712,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91393' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5732,7 +5733,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Qube + product: Intesys Clinical Suite (ICS) Clinical Access Workstations cves: cve-2021-4104: investigated: false @@ -5740,11 +5741,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91390' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5762,7 +5762,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Qube Mini + product: Lifescreen Pro cves: cve-2021-4104: investigated: false @@ -5770,11 +5770,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91389' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5792,7 +5791,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Ultraview SL + product: Pathfinder SL cves: cve-2021-4104: investigated: false @@ -5800,14 +5799,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91367' - - '91369' - - '91370' - - and 91387 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -5825,7 +5820,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: DM3 and DM4 Monitors + product: Qube cves: cve-2021-4104: investigated: false @@ -5833,10 +5828,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91390' cve-2021-45046: investigated: false affected_versions: [] @@ -5854,7 +5850,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Sentinel + product: Qube Mini cves: cve-2021-4104: investigated: false @@ -5862,10 +5858,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91389' cve-2021-45046: investigated: false affected_versions: [] @@ -5883,7 +5880,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Pathfinder SL + product: SafeNSound cves: cve-2021-4104: investigated: false @@ -5891,9 +5888,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5907,12 +5905,12 @@ software: unaffected_versions: [] vendor_links: - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: '' + notes: Version >4.3.1 - Not Affected references: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Lifescreen Pro + product: Sentinel cves: cve-2021-4104: investigated: false 
@@ -5941,7 +5939,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: EVO + product: Spacelabs Cloud cves: cve-2021-4104: investigated: false @@ -5970,7 +5968,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Eclipse Pro + product: Ultraview SL cves: cve-2021-4104: investigated: false @@ -5978,10 +5976,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91367' + - '91369' + - '91370' + - and 91387 cve-2021-45046: investigated: false affected_versions: [] @@ -5999,7 +6001,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: CardioExpress + product: Xhibit Telemetry Receiver (XTR) cves: cve-2021-4104: investigated: false @@ -6011,9 +6013,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - SL6A - - SL12A - - and SL18A + - '96280' cve-2021-45046: investigated: false affected_versions: [] @@ -6031,7 +6031,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: ABP + product: Xhibit, XC4 cves: cve-2021-4104: investigated: false @@ -6043,9 +6043,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - OnTrak - - 90217A - - and 90207 + - Xhibit 96102 + - XC4 96501 cve-2021-45046: investigated: false affected_versions: [] @@ -6063,7 +6062,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Spacelabs Cloud + product: XprezzNet cves: cve-2021-4104: investigated: false 
@@ -6071,10 +6070,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '96190' cve-2021-45046: investigated: false affected_versions: [] @@ -6092,7 +6092,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: SafeNSound + product: Xprezzon cves: cve-2021-4104: investigated: false @@ -6102,9 +6102,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 4.3.1 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '91393' cve-2021-45046: investigated: false affected_versions: [] @@ -6117,7 +6117,7 @@ software: unaffected_versions: [] vendor_links: - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: Version >4.3.1 - Not Affected + notes: '' references: - '' last_updated: '2022-01-05T00:00:00' @@ -6180,7 +6180,7 @@ software: - '' last_updated: '2022-01-12T07:18:55+00:00' - vendor: Splunk - product: Splunk Add-On for Java Management Extensions [App ID 2647](https://splunkbase.splunk.com/app/2647) + product: Data Stream Processor cves: cve-2021-4104: investigated: false @@ -6190,7 +6190,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 5.2.0 and older + - DSP 1.0.x + - DSP 1.1.x + - DSP 1.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6210,7 +6212,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Splunk Add-On for JBoss [App ID 2954](https://splunkbase.splunk.com/app/2954/) + product: IT Essentials Work [App ID 5403](https://splunkbase.splunk.com/app/5403/) cves: cve-2021-4104: investigated: false 
@@ -6220,7 +6222,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.0.0 and older + - '4.11' + - 4.10.x (Cloud only) + - 4.9.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6240,7 +6244,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Add-On for Tomcat [App ID 2911](https://splunkbase.splunk.com/app/2911/) + product: IT Service Intelligence (ITSI) [App ID 1841](https://splunkbase.splunk.com/app/1841/) cves: cve-2021-4104: investigated: false @@ -6250,7 +6254,13 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.0.0 and older + - 4.11.0 + - 4.10.x (Cloud only) + - 4.9.x + - 4.8.x (Cloud only) + - 4.7.x + - 4.6.x + - 4.5.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6270,7 +6280,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Data Stream Processor + product: Splunk Add-On for Java Management Extensions [App ID 2647](https://splunkbase.splunk.com/app/2647) cves: cve-2021-4104: investigated: false @@ -6280,9 +6290,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - DSP 1.0.x - - DSP 1.1.x - - DSP 1.2.x + - 5.2.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6302,7 +6310,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: IT Essentials Work [App ID 5403](https://splunkbase.splunk.com/app/5403/) + product: Splunk Add-On for Tomcat [App ID 2911](https://splunkbase.splunk.com/app/2911/) cves: cve-2021-4104: investigated: false @@ -6312,9 +6320,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '4.11' - - 4.10.x (Cloud only) - - 4.9.x + - 3.0.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -6334,7 +6340,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: IT Service Intelligence (ITSI) [App ID 1841](https://splunkbase.splunk.com/app/1841/) + product: Splunk Application Performance Monitoring cves: cve-2021-4104: investigated: false @@ -6344,13 +6350,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 4.11.0 - - 4.10.x (Cloud only) - - 4.9.x - - 4.8.x (Cloud only) - - 4.7.x - - 4.6.x - - 4.5.x + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6492,7 +6492,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Logging Library for Java + product: Splunk Infrastructure Monitoring cves: cve-2021-4104: investigated: false @@ -6502,7 +6502,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 1.11.0 and older + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6522,7 +6522,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk OVA for VMWare [App ID 3216](https://splunkbase.splunk.com/app/3216/) + product: Splunk Log Observer cves: cve-2021-4104: investigated: false @@ -6532,7 +6532,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 4.0.3 and older + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6552,7 +6552,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk OVA for VMWare Metrics [App ID 5096](https://splunkbase.splunk.com/app/5096/) + product: Splunk Logging Library for Java cves: cve-2021-4104: investigated: false @@ -6562,7 +6562,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 4.2.1 and older + - 1.11.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -6582,7 +6582,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk VMWare OVA for ITSI [App ID 4760](https://splunkbase.splunk.com/app/4760/) + product: Splunk On-call / VictorOps cves: cve-2021-4104: investigated: false @@ -6592,7 +6592,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 1.1.1 and older + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6612,7 +6612,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk On-call / VictorOps + product: Splunk OVA for VMWare [App ID 3216](https://splunkbase.splunk.com/app/3216/) cves: cve-2021-4104: investigated: false @@ -6622,7 +6622,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current + - 4.0.3 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6642,7 +6642,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Real User Monitoring + product: Splunk OVA for VMWare Metrics [App ID 5096](https://splunkbase.splunk.com/app/5096/) cves: cve-2021-4104: investigated: false @@ -6652,7 +6652,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current + - 4.2.1 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6672,7 +6672,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Application Performance Monitoring + product: Splunk Real User Monitoring cves: cve-2021-4104: investigated: false @@ -6702,7 +6702,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Infrastructure Monitoring + product: Splunk Splunk Add-On for JBoss [App ID 2954](https://splunkbase.splunk.com/app/2954/) cves: cve-2021-4104: investigated: false 
@@ -6712,7 +6712,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current + - 3.0.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6732,7 +6732,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Log Observer + product: Splunk Synthetics cves: cve-2021-4104: investigated: false @@ -6762,7 +6762,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Synthetics + product: Splunk UBA OVA Software cves: cve-2021-4104: investigated: false @@ -6772,7 +6772,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current + - 5.0.3a + - 5.0.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6792,7 +6793,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk UBA OVA Software + product: Splunk VMWare OVA for ITSI [App ID 4760](https://splunkbase.splunk.com/app/4760/) cves: cve-2021-4104: investigated: false @@ -6802,8 +6803,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 5.0.3a - - 5.0.0 + - 1.1.1 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6998,7 +6998,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: DSD Edge + product: AMSCO 2000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -7027,7 +7027,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: EndoDry + product: AMSCO 3000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -7056,7 +7056,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RapidAER + product: AMSCO 400 MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7085,7 +7085,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Endora + product: AMSCO 400 SMALL STEAM STERILIZERS cves: cve-2021-4104: investigated: false 
@@ -7114,7 +7114,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Canexis 1.0 + product: AMSCO 5000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -7143,7 +7143,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: ConnectoHIS + product: AMSCO 600 MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7172,7 +7172,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: ScopeBuddy+ + product: AMSCO 7000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -7201,7 +7201,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: DSD-201, + product: AMSCO CENTURY MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7230,7 +7230,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: CER Optima + product: AMSCO CENTURY SMALL STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7259,7 +7259,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Renatron + product: AMSCO EAGLE 3000 SERIES STAGE 3 STEAM STERILIZERS cves: cve-2021-4104: investigated: false @@ -7288,7 +7288,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: ConnectAssure Technology + product: AMSCO EVOLUTION FLOOR LOADER STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7317,7 +7317,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: SPM Surgical Asset Tracking Software + product: AMSCO EVOLUTION MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7346,7 +7346,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: CS-iQ Sterile Processing Workflow + product: Canexis 1.0 cves: cve-2021-4104: investigated: false 
@@ -7375,7 +7375,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 2000 SERIES WASHER DISINFECTORS + product: CELERITY HP INCUBATOR cves: cve-2021-4104: investigated: false @@ -7404,7 +7404,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 3000 SERIES WASHER DISINFECTORS + product: CELERITY STEAM INCUBATOR cves: cve-2021-4104: investigated: false @@ -7433,7 +7433,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 5000 SERIES WASHER DISINFECTORS + product: CER Optima cves: cve-2021-4104: investigated: false @@ -7462,7 +7462,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 7000 SERIES WASHER DISINFECTORS + product: Clarity Software cves: cve-2021-4104: investigated: false @@ -7491,7 +7491,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RELIANCE 444 WASHER DISINFECTOR + product: Connect Software cves: cve-2021-4104: investigated: false @@ -7520,7 +7520,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RELIANCE SYNERGY WASHER DISINFECTOR + product: ConnectAssure Technology cves: cve-2021-4104: investigated: false @@ -7549,7 +7549,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RELIANCE VISION 1300 SERIES CART AND UTENSIL WASHER DISINFECTORS + product: ConnectoHIS cves: cve-2021-4104: investigated: false @@ -7578,7 +7578,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RELIANCE VISION MULTI- CHAMBER WASHER DISINFECTOR + product: CS-iQ Sterile Processing Workflow cves: cve-2021-4104: investigated: false @@ -7607,7 +7607,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RELIANCE VISION SINGLE CHAMBER WASHER DISINFECTOR + product: DSD Edge cves: cve-2021-4104: investigated: false 
@@ -7636,7 +7636,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 400 MEDIUM STEAM STERILIZER + product: DSD-201, cves: cve-2021-4104: investigated: false @@ -7665,7 +7665,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 400 SMALL STEAM STERILIZERS + product: EndoDry cves: cve-2021-4104: investigated: false @@ -7694,7 +7694,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 600 MEDIUM STEAM STERILIZER + product: Endora cves: cve-2021-4104: investigated: false @@ -7723,7 +7723,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO CENTURY MEDIUM STEAM STERILIZER + product: Harmony iQ Integration Systems cves: cve-2021-4104: investigated: false @@ -7752,7 +7752,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO CENTURY SMALL STEAM STERILIZER + product: Harmony iQ Perspectives Image Management System cves: cve-2021-4104: investigated: false @@ -7781,7 +7781,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO EAGLE 3000 SERIES STAGE 3 STEAM STERILIZERS + product: HexaVue cves: cve-2021-4104: investigated: false @@ -7810,7 +7810,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO EVOLUTION FLOOR LOADER STEAM STERILIZER + product: HexaVue Integration System cves: cve-2021-4104: investigated: false @@ -7839,7 +7839,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO EVOLUTION MEDIUM STEAM STERILIZER + product: IDSS Integration System cves: cve-2021-4104: investigated: false @@ -7868,7 +7868,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: CELERITY HP INCUBATOR + product: RapidAER cves: cve-2021-4104: investigated: false 
@@ -7897,7 +7897,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: CELERITY STEAM INCUBATOR + product: ReadyTracker cves: cve-2021-4104: investigated: false @@ -7926,7 +7926,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: VERIFY INCUBATOR FOR ASSERT SELF-CONTAINED BIOLOGICAL INDICATORS + product: RealView Visual Workflow Management System cves: cve-2021-4104: investigated: false @@ -7955,7 +7955,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: SYSTEM 1 endo LIQUID CHEMICAL STERILANT PROCESSING SYSTEM + product: RELIANCE 444 WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -7984,7 +7984,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: V-PRO 1 LOW TEMPERATURE STERILIZATION SYSTEM + product: RELIANCE SYNERGY WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -8013,7 +8013,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: V-PRO 1 PLUS LOW TEMPERATURE STERILIZATION SYSTEM + product: RELIANCE VISION 1300 SERIES CART AND UTENSIL WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -8042,7 +8042,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: V-PRO MAX 2 LOW TEMPERATURE STERILIZATION SYSTEM + product: RELIANCE VISION MULTI- CHAMBER WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -8071,7 +8071,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: V-PRO MAX LOW TEMPERATURE STERILIZATION SYSTEM + product: RELIANCE VISION SINGLE CHAMBER WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -8100,7 +8100,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: V-PRO S2 LOW TEMPERATURE STERILIZATION SYSTEM + product: Renatron cves: cve-2021-4104: investigated: false 
@@ -8129,7 +8129,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: SecureCare ProConnect Technical Support Services + product: ScopeBuddy+ cves: cve-2021-4104: investigated: false @@ -8158,7 +8158,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: HexaVue Integration System + product: SecureCare ProConnect Technical Support Services cves: cve-2021-4104: investigated: false @@ -8187,7 +8187,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: IDSS Integration System + product: Situational Awareness for Everyone Display (S.A.F.E.) cves: cve-2021-4104: investigated: false @@ -8216,7 +8216,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Harmony iQ Integration Systems + product: SPM Surgical Asset Tracking Software cves: cve-2021-4104: investigated: false @@ -8245,7 +8245,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: HexaVue + product: SYSTEM 1 endo LIQUID CHEMICAL STERILANT PROCESSING SYSTEM cves: cve-2021-4104: investigated: false @@ -8274,7 +8274,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Connect Software + product: V-PRO 1 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -8303,7 +8303,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Harmony iQ Perspectives Image Management System + product: V-PRO 1 PLUS LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -8332,7 +8332,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Clarity Software + product: V-PRO MAX 2 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false 
@@ -8361,7 +8361,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Situational Awareness for Everyone Display (S.A.F.E.) + product: V-PRO MAX LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -8390,7 +8390,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RealView Visual Workflow Management System + product: V-PRO S2 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -8419,7 +8419,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: ReadyTracker + product: VERIFY INCUBATOR FOR ASSERT SELF-CONTAINED BIOLOGICAL INDICATORS cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_T.yml b/data/cisagov_T.yml index ff7a99e..de948b6 100644 --- a/data/cisagov_T.yml +++ b/data/cisagov_T.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: Tableau - product: Tableau Server + product: Tableau Bridge cves: cve-2021-4104: investigated: false @@ -15,19 +15,19 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'The following versions and lower: 2021.4' - - 2021.3.4 - - 2021.2.5 - - 2021.1.8 - - 2020.4.11 - - 2020.3.14 - - 2020.2.19 - - 2020.1.22 - - 2019.4.25 - - 2019.3.26 - - 2019.2.29 - - 2019.1.29 - - 2018.3.29 + - 'The following versions and lower: 20214.21.1109.1748' + - 20213.21.1112.1434 + - 20212.21.0818.1843 + - 20211.21.0617.1133 + - 20204.21.0217.1203 + - 20203.20.0913.2112 + - 20202.20.0721.1350 + - 20201.20.0614.2321 + - 20194.20.0614.2307 + - 20193.20.0614.2306 + - 20192.19.0917.1648 + - 20191.19.0402.1911 + - 20183.19.0115.1143 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -191,7 +191,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Tableau - product: Tableau Bridge + product: Tableau Server cves: cve-2021-4104: investigated: false 
@@ -201,19 +201,19 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'The following versions and lower: 20214.21.1109.1748' - - 20213.21.1112.1434 - - 20212.21.0818.1843 - - 20211.21.0617.1133 - - 20204.21.0217.1203 - - 20203.20.0913.2112 - - 20202.20.0721.1350 - - 20201.20.0614.2321 - - 20194.20.0614.2307 - - 20193.20.0614.2306 - - 20192.19.0917.1648 - - 20191.19.0402.1911 - - 20183.19.0115.1143 + - 'The following versions and lower: 2021.4' + - 2021.3.4 + - 2021.2.5 + - 2021.1.8 + - 2020.4.11 + - 2020.3.14 + - 2020.2.19 + - 2020.1.22 + - 2019.4.25 + - 2019.3.26 + - 2019.2.29 + - 2019.1.29 + - 2018.3.29 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -557,7 +557,7 @@ software: - '' last_updated: '2022-01-12T07:18:56+00:00' - vendor: Thales - product: CipherTrust Application Data Protection (CADP) – CAPI.net & Net Core + product: CADP/SafeNet Protect App (PA) - JCE cves: cve-2021-4104: investigated: false @@ -586,7 +586,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Cloud Key Manager (CCKM) Embedded + product: CipherTrust Application Data Protection (CADP) – CAPI.net & Net Core cves: cve-2021-4104: investigated: false @@ -615,7 +615,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Database Protection + product: CipherTrust Batch Data Transformation (BDT) 2.3 cves: cve-2021-4104: investigated: false @@ -644,7 +644,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Manager + product: CipherTrust Cloud Key Manager (CCKM) Appliance cves: cve-2021-4104: investigated: false @@ -673,7 +673,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Transparent Encryption (CTE/VTE/CTE-U) + product: CipherTrust Cloud Key Manager (CCKM) Embedded cves: cve-2021-4104: investigated: false 
@@ -702,7 +702,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Vaultless Tokenization (CTS, CT-VL) + product: CipherTrust Database Protection cves: cve-2021-4104: investigated: false @@ -731,7 +731,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Data Protection on Demand + product: CipherTrust Manager cves: cve-2021-4104: investigated: false @@ -760,7 +760,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Data Security Manager (DSM) + product: CipherTrust Transparent Encryption (CTE/VTE/CTE-U) cves: cve-2021-4104: investigated: false @@ -789,7 +789,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: KeySecure + product: CipherTrust Vaulted Tokenization (CT-V) / SafeNet Tokenization Manager cves: cve-2021-4104: investigated: false @@ -818,7 +818,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Luna EFT + product: CipherTrust Vaultless Tokenization (CTS, CT-VL) cves: cve-2021-4104: investigated: false @@ -847,7 +847,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Luna Network, PCIe, Luna USB HSM and backup devices + product: CipherTrust/SafeNet PDBCTL cves: cve-2021-4104: investigated: false @@ -876,7 +876,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Luna SP + product: Crypto Command Center (CCC) cves: cve-2021-4104: investigated: false @@ -905,7 +905,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: ProtectServer HSMs + product: Data Protection on Demand cves: cve-2021-4104: investigated: false @@ -934,7 +934,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet Authentication Client + product: Data Security Manager (DSM) cves: cve-2021-4104: investigated: false 
@@ -963,7 +963,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet IDPrime Virtual + product: KeySecure cves: cve-2021-4104: investigated: false @@ -992,7 +992,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet eToken (all products) + product: Luna EFT cves: cve-2021-4104: investigated: false @@ -1021,7 +1021,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet IDPrime(all products) + product: Luna Network, PCIe, Luna USB HSM and backup devices cves: cve-2021-4104: investigated: false @@ -1050,7 +1050,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet LUKS + product: Luna SP cves: cve-2021-4104: investigated: false @@ -1079,7 +1079,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet ProtectApp (PA) CAPI, .Net & Net Core + product: payShield Monitor cves: cve-2021-4104: investigated: false @@ -1108,7 +1108,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet ProtectDB (PDB) + product: ProtectServer HSMs cves: cve-2021-4104: investigated: false @@ -1137,7 +1137,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet ProtectV + product: SafeNet Authentication Client cves: cve-2021-4104: investigated: false @@ -1166,7 +1166,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Safenet ProtectFile and ProtectFile- Fuse + product: SafeNet eToken (all products) cves: cve-2021-4104: investigated: false @@ -1195,7 +1195,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet Transform Utility (TU) + product: SafeNet IDPrime Virtual cves: cve-2021-4104: investigated: false 
@@ -1224,7 +1224,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet Trusted Access (STA) + product: SafeNet IDPrime(all products) cves: cve-2021-4104: investigated: false @@ -1253,7 +1253,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet PKCS#11 and TDE + product: SafeNet LUKS cves: cve-2021-4104: investigated: false @@ -1282,7 +1282,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet SQL EKM + product: SafeNet PKCS#11 and TDE cves: cve-2021-4104: investigated: false @@ -1311,7 +1311,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SAS on Prem (SPE/PCE) + product: SafeNet ProtectApp (PA) CAPI, .Net & Net Core cves: cve-2021-4104: investigated: false @@ -1340,7 +1340,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel EMS Enterprise OnPremise + product: SafeNet ProtectDB (PDB) cves: cve-2021-4104: investigated: false @@ -1369,7 +1369,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel ESDaaS + product: Safenet ProtectFile and ProtectFile- Fuse cves: cve-2021-4104: investigated: false @@ -1398,7 +1398,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel Up + product: SafeNet ProtectV cves: cve-2021-4104: investigated: false @@ -1427,7 +1427,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel RMS + product: SafeNet SQL EKM cves: cve-2021-4104: investigated: false @@ -1456,7 +1456,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel Connect + product: SafeNet Transform Utility (TU) cves: cve-2021-4104: investigated: false 
@@ -1485,7 +1485,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel Superdog, SuperPro, UltraPro, SHK + product: SafeNet Trusted Access (STA) cves: cve-2021-4104: investigated: false @@ -1514,7 +1514,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel HASP, Legacy dog, Maze, Hardlock + product: SafeNet Vaultless Tokenization cves: cve-2021-4104: investigated: false @@ -1543,7 +1543,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel Envelope + product: SAS on Prem (SPE/PCE) cves: cve-2021-4104: investigated: false @@ -1572,7 +1572,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Thales payShield 9000 + product: Sentinel Connect cves: cve-2021-4104: investigated: false @@ -1601,7 +1601,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Thales payShield 10k + product: Sentinel EMS Enterprise aaS cves: cve-2021-4104: investigated: false @@ -1630,7 +1630,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Thales payShield Manager + product: Sentinel EMS Enterprise OnPremise cves: cve-2021-4104: investigated: false @@ -1659,7 +1659,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Vormetirc Key Manager (VKM) + product: Sentinel Envelope cves: cve-2021-4104: investigated: false @@ -1688,7 +1688,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Vormetric Application Encryption (VAE) + product: Sentinel ESDaaS cves: cve-2021-4104: investigated: false @@ -1717,7 +1717,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Vormetric Protection for Terradata Database (VPTD) + product: Sentinel HASP, Legacy dog, Maze, Hardlock cves: cve-2021-4104: investigated: false 
@@ -1746,7 +1746,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Vormetric Tokenization Server (VTS) + product: Sentinel LDK EMS (LDK-EMS) cves: cve-2021-4104: investigated: false @@ -1775,7 +1775,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: payShield Monitor + product: Sentinel LDKaas (LDK-EMS) cves: cve-2021-4104: investigated: false @@ -1804,7 +1804,8 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CADP/SafeNet Protect App (PA) - JCE + product: Sentinel Professional Services components (both Thales hosted & hosted + on-premises by customers) cves: cve-2021-4104: investigated: false @@ -1833,7 +1834,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Batch Data Transformation (BDT) 2.3 + product: Sentinel RMS cves: cve-2021-4104: investigated: false @@ -1862,7 +1863,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Cloud Key Manager (CCKM) Appliance + product: Sentinel SCL cves: cve-2021-4104: investigated: false @@ -1891,7 +1892,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Vaulted Tokenization (CT-V) / SafeNet Tokenization Manager + product: Sentinel Superdog, SuperPro, UltraPro, SHK cves: cve-2021-4104: investigated: false @@ -1920,7 +1921,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust/SafeNet PDBCTL + product: Sentinel Up cves: cve-2021-4104: investigated: false @@ -1949,7 +1950,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Crypto Command Center (CCC) + product: Thales Data Platform (TDP)(DDC) cves: cve-2021-4104: investigated: false 
@@ -1978,7 +1979,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet Vaultless Tokenization + product: Thales payShield 10k cves: cve-2021-4104: investigated: false @@ -2007,7 +2008,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel LDK EMS (LDK-EMS) + product: Thales payShield 9000 cves: cve-2021-4104: investigated: false @@ -2036,7 +2037,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel LDKaas (LDK-EMS) + product: Thales payShield Manager cves: cve-2021-4104: investigated: false @@ -2065,7 +2066,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel EMS Enterprise aaS + product: Vormetirc Key Manager (VKM) cves: cve-2021-4104: investigated: false @@ -2094,8 +2095,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel Professional Services components (both Thales hosted & hosted - on-premises by customers) + product: Vormetric Application Encryption (VAE) cves: cve-2021-4104: investigated: false @@ -2124,7 +2124,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel SCL + product: Vormetric Protection for Terradata Database (VPTD) cves: cve-2021-4104: investigated: false @@ -2153,7 +2153,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Thales Data Platform (TDP)(DDC) + product: Vormetric Tokenization Server (VTS) cves: cve-2021-4104: investigated: false @@ -2181,8 +2181,8 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Thermo-Calc - product: Thermo-Calc + - vendor: Thermo Fisher Scientific + product: '' cves: cve-2021-4104: investigated: false 
@@ -2190,11 +2190,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 2022a + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2206,8 +2205,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal, Install the 2022a patch when available + - https://corporate.thermofisher.com/us/en/index/about/information-security/Protecting-Our-Products.html + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' @@ -2224,7 +2223,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2021b + - 2022a cve-2021-45046: investigated: false affected_versions: [] @@ -2237,7 +2236,7 @@ software: unaffected_versions: [] vendor_links: - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal + notes: Use the program as normal, Install the 2022a patch when available references: - '' last_updated: '2021-12-22T00:00:00' @@ -2254,7 +2253,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2018b to 2021a + - 2021b cve-2021-45046: investigated: false affected_versions: [] @@ -2267,8 +2266,7 @@ software: unaffected_versions: [] vendor_links: - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal, delete the Log4j 2 files in the program installation - if required, see advisory for instructions. + notes: Use the program as normal references: - '' last_updated: '2021-12-22T00:00:00' @@ -2285,7 +2283,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2018a and earlier + - 2018b to 2021a cve-2021-45046: investigated: false affected_versions: [] 
@@ -2298,12 +2296,13 @@ software: unaffected_versions: [] vendor_links: - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal + notes: Use the program as normal, delete the Log4j 2 files in the program installation + if required, see advisory for instructions. references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Thermo Fisher Scientific - product: '' + - vendor: Thermo-Calc + product: Thermo-Calc cves: cve-2021-4104: investigated: false @@ -2311,10 +2310,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2018a and earlier cve-2021-45046: investigated: false affected_versions: [] @@ -2326,8 +2326,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://corporate.thermofisher.com/us/en/index/about/information-security/Protecting-Our-Products.html - notes: '' + - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ + notes: Use the program as normal references: - '' last_updated: '2021-12-22T00:00:00' @@ -2393,7 +2393,7 @@ software: - '' last_updated: '2022-01-12T07:18:56+00:00' - vendor: ThycoticCentrify - product: Secret Server + product: Account Lifecycle Manager cves: cve-2021-4104: investigated: false @@ -2423,7 +2423,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Privilege Manager + product: Cloud Suite cves: cve-2021-4104: investigated: false @@ -2453,7 +2453,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Account Lifecycle Manager + product: Connection Manager cves: cve-2021-4104: investigated: false 
@@ -2483,7 +2483,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Privileged Behavior Analytics + product: DevOps Secrets Vault cves: cve-2021-4104: investigated: false @@ -2513,7 +2513,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: DevOps Secrets Vault + product: Password Reset Server cves: cve-2021-4104: investigated: false @@ -2543,7 +2543,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Connection Manager + product: Privilege Manager cves: cve-2021-4104: investigated: false @@ -2573,7 +2573,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Password Reset Server + product: Privileged Behavior Analytics cves: cve-2021-4104: investigated: false @@ -2603,7 +2603,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Cloud Suite + product: Secret Server cves: cve-2021-4104: investigated: false @@ -2952,13 +2952,13 @@ software: unaffected_versions: [] vendor_links: - https://docs.niagara-community.com/bundle/TechBulletin2021/resource/Dec_13_2021_NiagaraNotExposed_Apache_log4j.pdf - notes: Document access requires authentication. CISA is not able to validate vulnerability status. + notes: Document access requires authentication. CISA is not able to validate vulnerability + status. references: - '' last_updated: '2022-01-19T00:00:00' - - vendor: Tripp Lite - product: LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, - SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) + - vendor: Trimble + product: eCognition cves: cve-2021-4104: investigated: false @@ -2966,8 +2966,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 10.2.0 Build 4618 fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -2980,15 +2981,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: '' + vendor_links: [] + notes: Remediation steps provided by Trimble references: - '' - last_updated: '2022-01-04T00:00:00' + last_updated: '2021-12-23T00:00:00' - vendor: Tripp Lite - product: SNMPWEBCARD, SRCOOLNET, SRCOOLNET2 and devices with pre-installed or - embedded SNMPWEBCARD + product: LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, + SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) cves: cve-2021-4104: investigated: false @@ -3047,7 +3047,7 @@ software: - '' last_updated: '2022-01-04T00:00:00' - vendor: Tripp Lite - product: PowerAlert Network Shutdown Agent (PANSA) + product: PowerAlert Network Management System (PANMS) cves: cve-2021-4104: investigated: false @@ -3071,13 +3071,13 @@ software: unaffected_versions: [] vendor_links: - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Some versions of PANSA use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 + notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability. references: - '' last_updated: '2022-01-04T00:00:00' - vendor: Tripp Lite - product: PowerAlert Network Management System (PANMS) + product: PowerAlert Network Shutdown Agent (PANSA) cves: cve-2021-4104: investigated: false 
@@ -3101,13 +3101,13 @@ software: unaffected_versions: [] vendor_links: - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 + notes: Some versions of PANSA use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability. references: - '' last_updated: '2022-01-04T00:00:00' - vendor: Tripp Lite - product: TLNETCARD and associated software + product: PowerAlertElement Manager (PAEM) cves: cve-2021-4104: investigated: false @@ -3115,8 +3115,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.0.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3131,12 +3132,14 @@ software: unaffected_versions: [] vendor_links: - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: '' + notes: Tripp Lite will soon be issuing a patch in the form of PAEM 1.0.1 which + will contain a patched version of Log4j2 references: - '' last_updated: '2022-01-04T00:00:00' - vendor: Tripp Lite - product: PowerAlertElement Manager (PAEM) + product: SNMPWEBCARD, SRCOOLNET, SRCOOLNET2 and devices with pre-installed or + embedded SNMPWEBCARD cves: cve-2021-4104: investigated: false @@ -3144,9 +3147,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 1.0.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -3161,13 +3163,12 @@ software: unaffected_versions: [] vendor_links: - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Tripp Lite will soon be issuing a patch in the form of PAEM 1.0.1 which - will contain a patched version of Log4j2 + notes: '' references: - '' last_updated: '2022-01-04T00:00:00' - - vendor: Tripwire - product: '' + - vendor: Tripp Lite + product: TLNETCARD and associated software cves: cve-2021-4104: investigated: false @@ -3190,13 +3191,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.tripwire.com/log4j + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Trimble - product: eCognition + last_updated: '2022-01-04T00:00:00' + - vendor: Tripwire + product: '' cves: cve-2021-4104: investigated: false @@ -3204,9 +3205,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 10.2.0 Build 4618 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3219,11 +3219,12 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: Remediation steps provided by Trimble + vendor_links: + - https://www.tripwire.com/log4j + notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' + last_updated: '2022-01-12T07:18:56+00:00' - vendor: TrueNAS product: '' cves: diff --git a/data/cisagov_U.yml b/data/cisagov_U.yml index 7240ee1..0ce28f2 100644 --- a/data/cisagov_U.yml +++ b/data/cisagov_U.yml @@ -94,8 +94,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Umbraco - product: '' + - vendor: UiPath + product: InSights cves: cve-2021-4104: investigated: false 
@@ -103,8 +103,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '20.10' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -118,12 +119,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://umbraco.com/blog/security-advisory-december-15-2021-umbraco-cms-and-cloud-not-affected-by-cve-2021-44228-log4j-rce-0-day-mitigation/ + - https://www.uipath.com/legal/trust-and-security/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: UniFlow + last_updated: '2021-12-15T00:00:00' + - vendor: Umbraco product: '' cves: cve-2021-4104: @@ -147,12 +148,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.uniflow.global/en/security/security-and-maintenance/ + - https://umbraco.com/blog/security-advisory-december-15-2021-umbraco-cms-and-cloud-not-affected-by-cve-2021-44228-log4j-rce-0-day-mitigation/ notes: '' references: - '' last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Unify ATOS + - vendor: UniFlow product: '' cves: cve-2021-4104: @@ -176,12 +177,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://networks.unify.com/security/advisories/OBSO-2112-01.pdf + - https://www.uniflow.global/en/security/security-and-maintenance/ notes: '' references: - '' last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Unimus + - vendor: Unify ATOS product: '' cves: cve-2021-4104: @@ -205,13 +206,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.unimus.net/viewtopic.php?f=7&t=1390#top + - https://networks.unify.com/security/advisories/OBSO-2112-01.pdf notes: '' references: - '' last_updated: '2022-01-12T07:18:56+00:00' - - vendor: UiPath - product: InSights + - vendor: Unimus + product: '' cves: cve-2021-4104: investigated: false 
@@ -219,9 +220,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '20.10' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -235,11 +235,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.uipath.com/legal/trust-and-security/cve-2021-44228 + - https://forum.unimus.net/viewtopic.php?f=7&t=1390#top notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:56+00:00' - vendor: USSIGNAL MSP product: '' cves: diff --git a/data/cisagov_V.yml b/data/cisagov_V.yml index 4d2e58d..9594d23 100644 --- a/data/cisagov_V.yml +++ b/data/cisagov_V.yml @@ -4,35 +4,6 @@ owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: - - vendor: VArmour - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:56+00:00' - vendor: Varian product: Acuity cves: @@ -64,7 +35,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: DITC + product: ARIA Connect (Cloverleaf) cves: cve-2021-4104: investigated: false 
@@ -72,11 +43,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -94,7 +65,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ARIA Connect (Cloverleaf) + product: ARIA eDOC cves: cve-2021-4104: investigated: false @@ -154,7 +125,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: XMediusFax for ARIA oncology information system for Medical Oncology + product: ARIA oncology information system for Radiation Oncology cves: cve-2021-4104: investigated: false @@ -162,11 +133,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -184,7 +155,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ARIA oncology information system for Radiation Oncology + product: ARIA Radiation Therapy Management System (RTM) cves: cve-2021-4104: investigated: false @@ -214,7 +185,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ARIA eDOC + product: Bravos Console cves: cve-2021-4104: investigated: false @@ -244,7 +215,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: XMediusFax for ARIA oncology information system for Radiation Oncology + product: Clinac cves: cve-2021-4104: investigated: false 
@@ -274,37 +245,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ARIA Radiation Therapy Management System (RTM) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Bravos Console + product: Cloud Planner cves: cve-2021-4104: investigated: false @@ -334,7 +275,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Clinac + product: DITC cves: cve-2021-4104: investigated: false @@ -364,7 +305,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Cloud Planner + product: DoseLab cves: cve-2021-4104: investigated: false @@ -394,7 +335,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: DoseLab + product: Eclipse treatment planning software cves: cve-2021-4104: investigated: false @@ -424,7 +365,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Eclipse treatment planning software + product: ePeerReview cves: cve-2021-4104: investigated: false @@ -432,11 +373,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + investigated: false + affected_versions: - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -454,7 +395,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ePeerReview + product: Ethos cves: cve-2021-4104: investigated: false @@ -462,11 +403,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -484,7 +425,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Ethos + product: FullScale oncology IT solutions cves: cve-2021-4104: investigated: false @@ -492,11 +433,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + investigated: false + affected_versions: - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -514,7 +455,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: FullScale oncology IT solutions + product: Halcyon system cves: cve-2021-4104: investigated: false @@ -544,7 +485,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Halcyon system + product: ICAP cves: cve-2021-4104: investigated: false @@ -552,11 +493,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -694,7 +635,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ICAP + product: Mobius3D platform cves: cve-2021-4104: investigated: false 
@@ -724,7 +665,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Mobius3D platform + product: PaaS cves: cve-2021-4104: investigated: false @@ -934,7 +875,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: PaaS + product: TrueBeam radiotherapy system cves: cve-2021-4104: investigated: false @@ -964,7 +905,37 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: TrueBeam radiotherapy system + product: UNIQUE system + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Varian Authentication and Identity Server (VAIS) cves: cve-2021-4104: investigated: false @@ -994,7 +965,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: UNIQUE system + product: Varian Managed Services Cloud cves: cve-2021-4104: investigated: false @@ -1024,7 +995,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Varian Authentication and Identity Server (VAIS) + product: Varian Mobile App cves: cve-2021-4104: investigated: false @@ -1036,7 +1007,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '2.0' + - '2.5' cve-2021-45046: investigated: false affected_versions: [] 
@@ -1054,7 +1026,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Varian Managed Services Cloud + product: VariSeed cves: cve-2021-4104: investigated: false @@ -1062,11 +1034,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1084,7 +1056,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Varian Mobile App + product: Velocity cves: cve-2021-4104: investigated: false @@ -1096,8 +1068,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '2.0' - - '2.5' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1115,7 +1086,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: VariSeed + product: VitalBeam radiotherapy system cves: cve-2021-4104: investigated: false @@ -1145,7 +1116,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Velocity + product: Vitesse cves: cve-2021-4104: investigated: false @@ -1175,7 +1146,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: VitalBeam radiotherapy system + product: XMediusFax for ARIA oncology information system for Medical Oncology cves: cve-2021-4104: investigated: false @@ -1183,11 +1154,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + investigated: false + affected_versions: - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -1205,7 +1176,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Vitesse + product: XMediusFax for ARIA oncology information system for Radiation Oncology cves: cve-2021-4104: investigated: false @@ -1213,11 +1184,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + investigated: false + affected_versions: - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1234,6 +1205,35 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: VArmour + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:56+00:00' - vendor: Varnish Software product: '' cves: @@ -1421,7 +1421,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] 
@@ -1678,6 +1678,71 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: vCenter Server - OVA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 7.x + - 6.7.x + - 6.5.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '[Workaround @ KB87081 (vmware.com)](https://kb.vmware.com/s/article/87081 + )' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: VMware + product: vCenter Server - Windows + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 6.7.x + - 6.5.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '[Workaround @ KB87096 (vmware.com)](https://kb.vmware.com/s/article/87096 + )' + references: + - '' + last_updated: '2021-12-17T00:00:00' - vendor: VMware product: VMware Carbon Black Cloud Workload Appliance cves: 
@@ -2291,71 +2356,6 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: vCenter Server - OVA - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 7.x - - 6.7.x - - 6.5.x - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '[Workaround @ KB87081 (vmware.com)](https://kb.vmware.com/s/article/87081 - )' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: VMware - product: vCenter Server - Windows - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 6.7.x - - 6.5.x - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '[Workaround @ KB87096 (vmware.com)](https://kb.vmware.com/s/article/87096 - )' - references: - - '' - last_updated: '2021-12-17T00:00:00' - vendor: VMware product: VMware vRealize Automation cves: @@ -2614,7 +2614,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] diff --git a/data/cisagov_W.yml b/data/cisagov_W.yml index f8b1dae..b1651d2 100644 --- a/data/cisagov_W.yml +++ b/data/cisagov_W.yml 
@@ -151,7 +151,7 @@ software: - '' last_updated: '2022-01-12T07:18:56+00:00' - vendor: WIBU Systems - product: CodeMeter Keyring for TIA Portal + product: CodeMeter Cloud Lite cves: cve-2021-4104: investigated: false @@ -161,7 +161,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 1.30 and prior + - 2.2 and prior fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -176,12 +176,12 @@ software: unaffected_versions: [] vendor_links: - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf - notes: Only the Password Manager is affected + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - vendor: WIBU Systems - product: CodeMeter Cloud Lite + product: CodeMeter Keyring for TIA Portal cves: cve-2021-4104: investigated: false @@ -191,7 +191,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2.2 and prior + - 1.30 and prior fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -206,7 +206,7 @@ software: unaffected_versions: [] vendor_links: - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf - notes: '' + notes: Only the Password Manager is affected references: - '' last_updated: '2021-12-22T00:00:00' diff --git a/data/cisagov_X.yml b/data/cisagov_X.yml index 1235c42..e2f18a2 100644 --- a/data/cisagov_X.yml +++ b/data/cisagov_X.yml @@ -237,7 +237,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus Analytics + product: Configuration change complete cves: cve-2021-4104: investigated: false @@ -266,7 +266,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus Automation Control Configuration change complete + product: Sensus Analytics cves: cve-2021-4104: investigated: false 
@@ -295,7 +295,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus Cathodic Protection Mitigation in process Mitigation in process + product: Sensus Automation Control Configuration change complete cves: cve-2021-4104: investigated: false @@ -324,7 +324,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus FieldLogic LogServer + product: Sensus Cathodic Protection Mitigation in process Mitigation in process cves: cve-2021-4104: investigated: false @@ -353,7 +353,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus Lighting Control + product: Sensus FieldLogic LogServer cves: cve-2021-4104: investigated: false @@ -382,7 +382,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus NetMetrics Configuration change complete + product: Sensus Lighting Control cves: cve-2021-4104: investigated: false @@ -411,7 +411,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus RNI Saas + product: Sensus NetMetrics Configuration change complete cves: cve-2021-4104: investigated: false @@ -419,11 +419,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 4.7 through 4.10 - - 4.4 through 4.6 - - '4.2' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -475,7 +472,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus SCS + product: Sensus RNI Saas cves: cve-2021-4104: investigated: false @@ -483,8 +480,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.7 through 4.10 + - 4.4 through 4.6 + - '4.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -504,7 +504,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Smart Irrigation + product: Sensus SCS cves: cve-2021-4104: investigated: false @@ -533,7 +533,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Water Loss Management (Visenti) + product: Smart Irrigation cves: cve-2021-4104: investigated: false @@ -562,7 +562,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Configuration change complete + product: Water Loss Management (Visenti) cves: cve-2021-4104: investigated: false
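Review bot: in the Varian hunks at -492, -1154 and -1184, and in the added UNIQUE system block in the hunk at -964, cve-2021-44228 pairs `investigated: false` with `affected_versions: - All`, which contradicts itself: a consumer that filters on `investigated` will skip products the data says are affected in every version. Set `investigated: true` wherever a version list is non-empty, or add a generator check that rejects the combination. Because the re-sort shifts entries by position, these hunks read as in-place status flips (for example `product: ePeerReview` becoming `product: Ethos` with the status reversed), so it is worth confirming with a comparison keyed on vendor and product that no product's status changed in this commit.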
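Review bot: in the hunks at -1421 and -2614 the context line directly after the quoting fix still reads `investigated: ''` under cve-2021-45046, a string where the other entries in this patch use a boolean. This pass already normalizes `- 'All'` to `- All`, so normalize that field to `false` in the same change; otherwise anything reading the YAML has to handle both an empty string and a boolean for the same key.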
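Review bot: the added VArmour entry in the hunk at -1234 writes `last_updated: '2022-01-12T07:18:56+00:00'` while the neighbouring entries use `'2021-12-22T00:00:00'` with no time or offset, so the file now mixes two timestamp forms; pick one and apply it in the generator. The entry also has `product: ''`, `notes: ''` and all four CVEs at `investigated: false`, although the vendor link title refers to an emergency configuration change, so a short `notes` value pointing readers at that article would make the row useful.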
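Review bot: in the two vCenter Server blocks moved by the hunks at -1678 and -2291, the `notes` scalar is wrapped across two lines, which folds to a space between the KB URL and the closing `)` of the Markdown link (`.../article/87081` followed by ` )`). The move carries this over unchanged. Emit `notes` on a single line, for example by raising the YAML dumper's line width, so the generated table and any tool that extracts the link get a clean URL.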
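Review bot: in data/cisagov_X.yml the Xylem `product` fields contain status text rather than product names (`product: Configuration change complete` in the hunk at -237, plus `Sensus Automation Control Configuration change complete`, `Sensus Cathodic Protection Mitigation in process Mitigation in process` and `Sensus NetMetrics Configuration change complete`), and the re-sort now places the status-only entry first in the vendor's block. Move the status text into `notes`, remove the duplicated "Mitigation in process", and either attach the status-only entry to the product it belongs to or drop it, since nothing in it identifies a product. The `affected_versions` values `4.7 through 4.10` and `4.4 through 4.6` under Sensus RNI Saas are also free text; if consumers are expected to match versions, a documented range format would help.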