r3pek
/
log4j-affected-db
mirror of https://github.com/cisagov/log4j-affected-db
1
0
Fork 0
Code Releases Activity

Merge branch 'develop' into master

Browse Source
pull/463/head
justmurphy 2 years ago committed by GitHub
parent 43603ca4f8 1b09d6cac2
commit 22f140ff44
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
30 changed files with 18033 additions and 6127 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 8
      .github/workflows/update_software_list.yml
  2. 230
      SOFTWARE-LIST.md
  3. 2
      config/requirements.txt
  4. 10757
      data/cisagov.yml
  5. 498
      data/cisagov_A.yml
  6. 132
      data/cisagov_B.yml
  7. 724
      data/cisagov_C.yml
  8. 1338
      data/cisagov_D.yml
  9. 286
      data/cisagov_E.yml
  10. 184
      data/cisagov_F.yml
  11. 193
      data/cisagov_G.yml
  12. 986
      data/cisagov_H.yml
  13. 476
      data/cisagov_I.yml
  14. 260
      data/cisagov_J.yml
  15. 22
      data/cisagov_K.yml
  16. 64
      data/cisagov_L.yml
  17. 280
      data/cisagov_M.yml
  18. 70
      data/cisagov_N.yml
  19. 82
      data/cisagov_O.yml
  20. 2748
      data/cisagov_P.yml
  21. 38
      data/cisagov_Q.yml
  22. 2857
      data/cisagov_R.yml
  23. 764
      data/cisagov_S.yml
  24. 339
      data/cisagov_T.yml
  25. 50
      data/cisagov_U.yml
  26. 396
      data/cisagov_V.yml
  27. 300
      data/cisagov_W.yml
  28. 48
      data/cisagov_X.yml
  29. 6
      data/cisagov_Y.yml
  30. 22
      data/cisagov_Z.yml

8
.github/workflows/update_software_list.yml
Unescape View File

@ -68,6 +68,12 @@ jobs:
run: pip install --upgrade --requirement config/requirements.txt
- name: Create the branch for test validation
run: git switch --create ${{ needs.setup.outputs.testing_branch }}
- name: Normalize individual cisagov_*.yml files
run: |
for file in data/cisagov_*yml; do \
normalize-yml --cisagov-format "$file" > "$file".tmp; \
mv --force "$file".tmp "$file"; \
done
- name: Update the comprehensive cisagov YAML file
run: normalize-yml --cisagov-format data/cisagov_*.yml > data/cisagov.yml
- name: Generate a normalized YAML file from all source YAML files
@ -84,7 +90,7 @@ jobs:
commit_user_name: ${{ needs.setup.outputs.git_user }}
commit_user_email: ${{ needs.setup.outputs.git_email }}
commit_author: ${{ needs.setup.outputs.git_author }}
file_pattern: SOFTWARE-LIST.md data/cisagov.yml
file_pattern: SOFTWARE-LIST.md data/cisagov*.yml
merge_list_update:
runs-on: ubuntu-latest
needs:

230
SOFTWARE-LIST.md
Unescape View File

@ -231,10 +231,10 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| Beijer Electronics | WARP Engineering Studio | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| Bender | | | | Unknown | [link](https://www.bender.de/en/cert) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Best Practical Request Tracker (RT) and Request Tracker for Incident Response (RTIR) | | | | Unknown | [link](https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| BeyondTrust Bomgar | | | | Unknown | [link](https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| BeyondTrust | Privilege Management Cloud | | Unknown | Fixed | [link](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| BeyondTrust | Privilege Management Reporting in BeyondInsight | | 21.2 | Fixed | [link](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| BeyondTrust | Secure Remote Access appliances | | | Not Affected | [link](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| BeyondTrust Bomgar | | | | Unknown | [link](https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| BioMerieux | | | | Unknown | [link](https://www.biomerieux.com/en/cybersecurity-data-privacy) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| BisectHosting | | | | Unknown | [link](https://www.bisecthosting.com/clients/index.php?rp=/knowledgebase/205/Java-Log4j-Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| BitDefender | | | | Unknown | [link](https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
@ -949,8 +949,8 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| Elastic | Kibana | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Elastic | Logstash | <6.8.21, <7.16.1 | | Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Elastic | Machine Learning | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| ElasticSearch | all products | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Elastic | Swiftype | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| ElasticSearch | all products | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Ellucian | Admin | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| Ellucian | Banner Analytics | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| Ellucian | Banner Document Management (includes Banner Document Retention) | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
@ -1180,6 +1180,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| GoAnywhere | MFT | < 6.8.6 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 |
| GoAnywhere | MFT Agents | < 1.6.5 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 |
| GoCD | | | | Unknown | [link](https://www.gocd.org/2021/12/14/log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Google | Chrome | | | Not Affected | [link](https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html) | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-14 |
| Google Cloud | Access Transparency | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Google Cloud | Actifio | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) for the full statement and to obtain the hotfix (available to Actifio customers only). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Google Cloud | AI Platform Data Labeling | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
@ -1309,14 +1310,12 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| Google Cloud | Virtual Private Cloud | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| Google Cloud | Web Security Scanner | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Google Cloud | Workflows | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Google | Chrome | | | Not Affected | [link](https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html) | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-14 |
| Gradle | Gradle | | | Unknown | [link](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Gradle | Gradle Enterprise | < 2021.3.6 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Gradle | Gradle Enterprise Build Cache Node | < 10.1 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Gradle | Gradle Enterprise Test Distribution Agent | < 1.6.2 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Grafana | | | | Unknown | [link](https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Grandstream | | | | Unknown | [link](https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Gravitee.io | | | | Unknown | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Gravitee | Alert Engine | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
@ -1324,6 +1323,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| Gravitee | API Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Gravitee | API Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Gravitee | Cockpit | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Gravitee.io | | | | Unknown | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Gravwell | | | | Unknown | [link](https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Graylog | Graylog Server | All versions >= 1.2.0 and <= 4.2.2 | | Affected | [link](https://www.graylog.org/post/graylog-update-for-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| GreenShot | | | | Unknown | [link](https://greenshot.atlassian.net/browse/BUG-2871) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
@ -1396,7 +1396,11 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| HOLOGIC | Unifi Workspace | | | Unknown | [link](https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity) | While the Hologic software itself does not utilize Java/Log4J, the installed APC PowerChute UPS with Business Edition v9.5 software installed may. APC is still assessing its PowerChute software to determine if it is vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| HOLOGIC | Windows Selenia Mammography System | | | Unknown | [link](https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| Honeywell | | | | Unknown | [link](https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| HPE/Micro Focus | Data Protector | | 9.09 | Fixed | [link](https://portal.microfocus.com/s/article/KM000003243) | | [https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| HP | Teradici Cloud Access Controller | | < v113 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| HP | Teradici EMSDK | | < 1.0.6 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| HP | Teradici Management Console | | < 21.10.3 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| HP | Teradici PCoIP Connection Manager | | < 21.03.6, < 20.07.4 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| HP | Teradici PCoIP License Server | | | Unknown | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| HPE | 3PAR StoreServ Arrays | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
| HPE | AirWave Management Platform | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
| HPE | Alletra 6000 | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
@ -1508,7 +1512,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| HPE | OfficeConnect | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
| HPE | Primera Storage | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
| HPE | RepoServer part of OPA (on Premises aggregator) | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
| HPE | Resource Aggregator for Open Distributed Infrastructure Management | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
| HPE | Resource Aggregator for Open Distributed Infrastructure Management | | | Not Affected | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
| HPE | RESTful Interface Tool (iLOREST) | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
| HPE | SAT (System Admin Toolkit) | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
| HPE | Scripting Tools for Windows PowerShell (HPEiLOCmdlets) | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
@ -1526,11 +1530,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| HPE | Superdome Flex 280 | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
| HPE | Superdome Flex Server | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
| HPE | UAN (User Access Node) | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
| HP | Teradici Cloud Access Controller | | < v113 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| HP | Teradici EMSDK | | < 1.0.6 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| HP | Teradici Management Console | | < 21.10.3 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| HP | Teradici PCoIP Connection Manager | | < 21.03.6, < 20.07.4 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| HP | Teradici PCoIP License Server | | | Unknown | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| HPE/Micro Focus | Data Protector | | 9.09 | Fixed | [link](https://portal.microfocus.com/s/article/KM000003243) | | [https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| Huawei | | | | Unknown | [link](https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Hubspot | | | | Unknown | [link](https://community.hubspot.com/t5/APIs-Integrations/Log4J-day-zero-exploit-CVE-2021-44228/td-p/541949) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| I-Net software | | | | Unknown | [link](https://faq.inetsoftware.de/t/statement-about-cve-2021-44228-log4j-vulnerability-concerning-i-net-software-products/269/3) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
@ -2019,6 +2019,8 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| Lyrasis | Fedora Repository | | | Not Affected | [link](https://groups.google.com/g/fedora-tech/c/dQMQ5jaX8Xo) | Fedora Repository is unaffiliated with Fedora Linux. Uses logback and explicitly excludes log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| MailStore | | | | Unknown | [link](https://www.mailstore.com/en/blog/mailstore-affected-by-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Maltego | | | | Unknown | [link](https://www.maltego.com/blog/our-response-to-log4j-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| ManageEngine | AD SelfService Plus | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-27 |
| ManageEngine | Servicedesk Plus | 11305 and below | | Affected | [link](https://www.manageengine.com/products/service-desk/security-response-plan.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| ManageEngine Zoho | | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| ManageEngine Zoho | ADAudit Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| ManageEngine Zoho | ADManager Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
@ -2032,8 +2034,6 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| ManageEngine Zoho | M365 Manager Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| ManageEngine Zoho | M365 Security Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| ManageEngine Zoho | RecoveryManager Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| ManageEngine | AD SelfService Plus | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-27 |
| ManageEngine | Servicedesk Plus | 11305 and below | | Affected | [link](https://www.manageengine.com/products/service-desk/security-response-plan.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| MariaDB | | | | Unknown | [link](https://mariadb.com/resources/blog/log4shell-and-mariadb-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| MathWorks | All MathWorks general release desktop or server products | | | Not Affected | [link](https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 |
| MathWorks | MATLAB | | | Not Affected | [link](https://www.mathworks.com/content/dam/mathworks/policies/mathworks-response-to-cve-2021-44228-log4j-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 |
@ -2217,6 +2217,99 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| OxygenXML | Web Author | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| OxygenXML | WebHelp | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| PagerDuty | PagerDuty SaaS | | | Unknown | [link](https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability) | We currently see no evidence of compromises on our platform. Our teams continue to monitor for new developments and for impacts on sub-processors and dependent systems. PagerDuty SaaS customers do not need to take any additional action for their PagerDuty SaaS environment | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Palantir | Palantir AI Inference Platform (AIP) | | All | Fixed | [link](https://www.palantir.com/security-advisories/log4j-vulnerability/) | Fully remediated as of 1.97.0. Disconnected customer instances may require manual updates. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 |
| Palantir | Palantir Apollo | | | Not Affected | [link](https://www.palantir.com/security-advisories/log4j-vulnerability/) | No impact, and updates have been deployed for full remediation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 |
| Palantir | Palantir Foundry | | All | Fixed | [link](https://www.palantir.com/security-advisories/log4j-vulnerability/) | No impact to Palantir-hosted or Apollo-connected instances, and updates have been deployed for full remediation. Disconnected customer instances may require manual updates. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 |
| Palantir | Palantir Gotham | | All | Fixed | [link](https://www.palantir.com/security-advisories/log4j-vulnerability/) | No impact to Palantir-hosted or Apollo-connected instances, and updates have been deployed for full remediation. Disconnected customer instances may require manual updates. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 |
| Palo-Alto Networks | Bridgecrew | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Palo-Alto Networks | CloudGenix | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Palo-Alto Networks | Cortex Data Lake | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Palo-Alto Networks | Cortex XDR Agent | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Palo-Alto Networks | Cortex Xpanse | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Palo-Alto Networks | Cortex XSOAR | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Palo-Alto Networks | Expedition | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Palo-Alto Networks | GlobalProtect App | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Palo-Alto Networks | IoT Security | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Palo-Alto Networks | Okyo Grade | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Palo-Alto Networks | Palo-Alto Networks-OS for Firewall and Wildfire | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Palo-Alto Networks | Palo-Alto Networks-OS for Panorama | 9.0, 9.1, 10.0 | | Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will be updated when hot fixes for the affected Panorama versions are available. PAN-OS for Panorama versions 8.1, 10.1 are not affected. | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Palo-Alto Networks | Prisma Access | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Palo-Alto Networks | Prisma Cloud | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Palo-Alto Networks | Prisma Cloud Compute | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Palo-Alto Networks | SaaS Security | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Palo-Alto Networks | User-ID Agent | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Palo-Alto Networks | WildFire Appliance | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Palo-Alto Networks | WildFire Cloud | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Panopto | | | | Unknown | [link](https://support.panopto.com/s/article/Panopto-Statement-on-the-Log4j2-Zero-Day-Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| PaperCut | PaperCut MF | 21.0 and later | | Affected | [link](https://www.papercut.com/support/known-issues/?id=PO-684#ng) | Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted by this. Workaround manual steps available in reference. Upgrade to PaperCut NG/MF version 21.2.3 Now Available to resolve. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| PaperCut | PaperCut NG | 21.0 and later | | Affected | [link](https://www.papercut.com/support/known-issues/?id=PO-684#ng) | Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted by this. Workaround manual steps available in reference. Upgrade to PaperCut NG/MF version 21.2.3 Now Available to resolve. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| Parallels | | | | Unknown | [link](https://kb.parallels.com/en/128696) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Parse.ly | | | | Unknown | [link](https://blog.parse.ly/parse-ly-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| PBXMonitor | RMM for 3CX PBX | | | Unknown | [link](https://www.pbxmonitor.net/changelog.php) | Mirror Servers were also checked to ensure Log4J was not installed or being used by any of our systems. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| Pega | | | | Unknown | [link](https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Pentaho | | | | Unknown | [link](https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Pepperl+Fuchs | | | | Unknown | [link](https://www.pepperl-fuchs.com/global/en/29079.htm) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Percona | | | | Unknown | [link](https://www.percona.com/blog/log4jshell-vulnerability-update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Pexip | | | | Unknown | [link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Phenix Id | | | | Unknown | [link](https://support.phenixid.se/uncategorized/log4j-fix/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Philips | Multiple products | | | Unknown | [link](https://www.philips.com/a-w/security/security-advisories.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| PHOENIX CONTACT | Cloud Services | | | Unknown | [link](https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf) | Partly affected. Remediations are being implemented. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| PHOENIX CONTACT | Physical products containing firmware | | | Unknown | [link](https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| PHOENIX CONTACT | Software Products | | | Unknown | [link](https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| Ping Identity | PingAccess | 4.0 <= version <= 6.3.2 | | Affected | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Ping Identity | PingCentral | | | Unknown | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Ping Identity | PingFederate | 8.0 <= version <= 10.3.4 | | Affected | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Ping Identity | PingFederate Java Integration Kit | < 2.7.2 | | Affected | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Ping Identity | PingFederate OAuth Playground | < 4.3.1 | | Affected | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Ping Identity | PingIntelligence | | | Unknown | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Pitney Bowes | | | | Unknown | [link](https://www.pitneybowes.com/us/support/apache-log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Planmeca | | | | Unknown | [link](https://www.planmeca.com/apache-log4j-vulnerability-in-planmeca-products/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Planon Software | | | | Unknown | [link](https://my.planonsoftware.com/uk/news/log4j-impact-on-planon/) | This advisory is available for customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Platform.SH | | | | Unknown | [link](https://platform.sh/blog/2021/platformsh-protects-from-apache-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Plesk | | | | Unknown | [link](https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Plex | Plex Industrial IoT | | | Unknown | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | The product has been updated to Log4j version 2.15. An additional patch is being developed to update to 2.16. No user interaction is required. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Polycom | | | | Unknown | [link](https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Portainer | | | | Unknown | [link](https://www.portainer.io/blog/portainer-statement-re-log4j-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| PortSwigger | | | | Unknown | [link](https://forum.portswigger.net/thread/are-burp-collaborator-or-burp-enterprise-vulnerable-to-log4j-dc6524e0) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| PostGreSQL | | | | Unknown | [link](https://www.postgresql.org/about/news/postgresql-jdbc-and-the-log4j-cve-2371/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Postman | | | | Unknown | [link](https://support.postman.com/hc/en-us/articles/4415791933335-Is-Postman-impacted-by-the-Log4j-vulnerability-CVE-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Power Admin LLC | PA File Sight | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| Power Admin LLC | PA Server Monitor | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| Power Admin LLC | PA Storage Monitor | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| Pretix | | | | Unknown | [link](https://pretix.eu/about/de/blog/20211213-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| PrimeKey | | | | Unknown | [link](https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Progress / IpSwitch | | | | Unknown | [link](https://www.progress.com/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| ProofPoint | | | | Unknown | [link](https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2) | This advisory is available for customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| ProSeS | | | | Unknown | [link](https://www.proses.de/en/2021/12/16/log4shell-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Prosys | | | | Unknown | [link](https://prosysopc.com/news/important-security-release/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Proxmox | | | | Unknown | [link](https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| PRTG Paessler | | | | Unknown | [link](https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| PTC | Axeda Platform | 6.9.2 | | Affected | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| PTC | ThingsWorx Analytics | 8.5, 9.0, 9.1, 9.2, All supported versions | | Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| PTC | ThingsWorx Platform | 8.5, 9.0, 9.1, 9.2, All supported versions | | Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| PTV Group | | | | Unknown | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Pulse Secure | Ivanti Connect Secure (ICS) | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Pulse Secure | Ivanti Neurons for secure Access | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Pulse Secure | Ivanti Neurons for secure Access | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Pulse Secure | Ivanti Neurons for ZTA | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Pulse Secure | Ivanti Neurons for ZTA | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Pulse Secure | Pulse Connect Secure | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Pulse Secure | Pulse Desktop Client | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Pulse Secure | Pulse Mobile Client | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Pulse Secure | Pulse One | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Pulse Secure | Pulse Policy Secure | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Pulse Secure | Pulse Secure Services Director | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Pulse Secure | Pulse Secure Virtual Traffic Manager | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Pulse Secure | Pulse Secure Web Application Firewall | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Pulse Secure | Pulse ZTA | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Puppet | | | | Unknown | [link](https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Pure Storage | | | | Unknown | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22)) | This advisory is available for customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Pure Storage | Cloud Blockstore | CBS6.1.x, CBS6.2.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | Patch expected 12/27/2021 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Pure Storage | Flash Array | 5.3.x, 6.0.x, 6.1.x, 6.2.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | Patch expected 12/20/2021 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Pure Storage | FlashBlade | 3.1.x, 3.2.x, 3.3.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | Patch expected 12/24/2021 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Pure Storage | PortWorx | 2.8.0+ | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Pure Storage | Pure1 | | N/A | Fixed | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Pyramid Analytics | | | | Unknown | [link](https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| QF-Test | | | | Unknown | [link](https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Qlik | | | | Unknown | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| QMATIC | Appointment Booking | 2.4+ | | Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | Update to v. 2.8.2 which contains log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
@ -2228,6 +2321,102 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| QSC Q-SYS | | | | Unknown | [link](https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| QT | | | | Unknown | [link](https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Quest Global | | | | Unknown | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| R | R | | | Not Affected | [link](https://www.r-project.org/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| R2ediviewer | | | | Unknown | [link](https://r2ediviewer.de/DE/reload.html?Change-log_17858584.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Radware | | | | Unknown | [link](https://support.radware.com/app/answers/answer_view/a_id/1029752) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Rapid7 | AlcidekArt, kAdvisor, and kAudit | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rapid7 | AppSpider Enterprise | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rapid7 | AppSpider Pro | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rapid7 | Insight Agent | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rapid7 | InsightAppSec Scan Engine | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rapid7 | InsightAppSec Scan Engine | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rapid7 | InsightCloudSec/DivvyCloud | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rapid7 | InsightConnect Orchestrator | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rapid7 | InsightIDR Network Sensor | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rapid7 | InsightIDR/InsightOps Collector & Event Sources | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rapid7 | InsightOps DataHub | InsightOps DataHub <= 2.0 | | Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Upgrade [DataHub to version 2.0.1](https://rep.logentries.com/datahub/DataHub_2.0.1.deb) using the [following instructions](https://docs.rapid7.com/insightops/setting-up-datahub/). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rapid7 | InsightOps non-Java logging libraries | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rapid7 | InsightOps r7insight_java logging library | <=3.0.8 | | Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Upgrade [r7insight_java](https://github.com/rapid7/r7insight_java) to 3.0.9 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rapid7 | InsightVM Kubernetes Monitor | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rapid7 | InsightVM/Nexpose | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rapid7 | InsightVM/Nexpose Console | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” packaged in them. This is a different library than log4j-core and is not vulnerable to Log4Shell. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rapid7 | InsightVM/Nexpose Engine | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” packaged in them. This is a different library than log4j-core and is not vulnerable to Log4Shell. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rapid7 | IntSights virtual appliance | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rapid7 | Logentries DataHub | Linux version <= 1.2.0.820; Windows version <= 1.2.0.820 | | Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Linux: Install DataHub_1.2.0.822.deb using the following [instructions](https://docs.logentries.com/docs/datahub-linux). Windows: Run version 1.2.0.822 in a Docker container or as a Java command per these [instructions](https://docs.logentries.com/docs/datahub-windows). You can find more details [here](https://docs.logentries.com/docs/datahub-linux). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rapid7 | Logentries le_java logging library | All versions: this is a deprecated component | | Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Migrate to version 3.0.9 of [r7insight_java](https://github.com/rapid7/r7insight_java) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rapid7 | Metasploit Framework | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rapid7 | Metasploit Pro | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Metasploit Pro ships with log4j but has specific configurations applied to it that mitigate Log4Shell. A future update will contain a fully patched version of log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rapid7 | tCell Java Agent | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rapid7 | Velociraptor | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Raritan | | | | Unknown | [link](https://www.raritan.com/support) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Ravelin | | | | Unknown | [link](https://syslog.ravelin.com/log4shell-cve-2021-44228-4338bb8da67b) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Real-Time Innovations (RTI) | Distributed Logger | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| Real-Time Innovations (RTI) | Recording Console | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| Real-Time Innovations (RTI) | RTI Administration Console | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| Real-Time Innovations (RTI) | RTI Code Generator | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| Real-Time Innovations (RTI) | RTI Code Generator Server | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| Real-Time Innovations (RTI) | RTI Micro Application Generator (MAG) | as part of RTI Connext Micro 3.0.0, 3.0.1, 3.0.2, 3.0.3 | | Affected | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| Real-Time Innovations (RTI) | RTI Micro Application Generator (MAG) | as part of RTI Connext Professional 6.0.0 and 6.0.1 | | Affected | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| Real-Time Innovations (RTI) | RTI Monitor | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| Red Hat | log4j-core | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Red Hat | Red Hat Integration Camel K | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5130](https://access.redhat.com/errata/RHSA-2021:5130) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Red Hat | Red Hat build of Quarkus | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| Red Hat | Red Hat CodeReady Studio | | 12.21.0 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [CRS 12.21.1 Patch](https://developers.redhat.com/products/codeready-studio/download?source=sso) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Red Hat | Red Hat Data Grid | | 8 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5132](http://access.redhat.com/errata/RHSA-2021:5132) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Red Hat | Red Hat Decision Manager | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| Red Hat | Red Hat Enterprise Linux | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| Red Hat | Red Hat Enterprise Linux | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| Red Hat | Red Hat Enterprise Linux | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| Red Hat | Red Hat Integration Camel Quarkus | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5126](https://access.redhat.com/errata/RHSA-2021:5126) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Red Hat | Red Hat JBoss A-MQ Streaming | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5138](https://access.redhat.com/errata/RHSA-2021:5138) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Red Hat | Red Hat JBoss Enterprise Application Platform | | 7 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [Maven Patch](https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.4) - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| Red Hat | Red Hat JBoss Fuse | | 7 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5134](https://access.redhat.com/errata/RHSA-2021:5134) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Red Hat | Red Hat Process Automation | | 7 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [Maven Patch](https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=103671&product=rhpam&version=7.11.1&downloadType=patches) - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Red Hat | Red Hat Single Sign-On | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Red Hat | Red Hat Vert.X | | 4 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5093](https://access.redhat.com/errata/RHSA-2021:5093) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Red Hat | Satellite 5 | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Red Hat | Spacewalk | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-elasticsearch5 | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5094](http://access.redhat.com/errata/RHSA-2021:5094) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-elasticsearch6 | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | Please refer to Red Hat Customer Portal to find the right errata for your version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-hive | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | Please refer to Red Hat Customer Portal to find the right errata for your version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-presto | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | Please refer to Red Hat Customer Portal to find the right errata for your version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Red Hat OpenShift Logging | logging-elasticsearch6-container | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | Please refer to Red Hat Customer Portal to find the right errata for your version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Red Hat OpenStack Platform 13 (Queens) | opendaylight | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | End of Life | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Red Hat Software Collections | rh-java-common-log4j | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Red Hat Software Collections | rh-maven35-log4j12 | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Red Hat Software Collections | rh-maven36-log4j12 | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Red5Pro | | | | Unknown | [link](https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| RedGate | | | | Unknown | [link](https://www.red-gate.com/privacy-and-security/vulnerabilities/2021-12-15-log4j-statement) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Redis | | | | Unknown | [link](https://redis.com/security/notice-apache-log4j2-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Reiner SCT | | | | Unknown | [link](https://forum.reiner-sct.com/index.php?/topic/5973-timecard-und-log4j-schwachstelle/&do=findComment&comment=14933) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| ReportURI | | | | Unknown | [link](https://scotthelme.co.uk/responding-to-the-log4j-2-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| ResMed | AirView | | | Unknown | [link](https://www.resmed.com/en-us/security/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| ResMed | myAir | | | Unknown | [link](https://www.resmed.com/en-us/security/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Respondus | | | | Unknown | [link](https://support.respondus.com/support/index.php?/News/NewsItem/View/339) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Revenera / Flexera | | | | Unknown | [link](https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Ricoh | | | | Unknown | [link](https://www.ricoh.com/info/2021/1215_1/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| RingCentral | | | | Unknown | [link](https://www.ringcentral.com/trust-center/security-bulletin.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Riverbed | | | | Unknown | [link](https://supportkb.riverbed.com/support/index?page=content&id=S35645) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Rockwell Automation | FactoryTalk Analytics DataFlowML | 4.00.00 | | Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rockwell Automation | FactoryTalk Analytics DataView | 3.03.00 | | Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rockwell Automation | Industrial Data Center | | Gen 1, Gen 2, Gen 3, Gen 3.5 | Fixed | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rockwell Automation | MES EIG | 3.03.00 | | Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | Customers should upgrade to EIG Hub if possible or work with their local representatives about alternative solutions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rockwell Automation | VersaVirtual | | Series A | Fixed | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rockwell Automation | Warehouse Management | 4.01.00, 4.02.00, 4.02.01, 4.02.02 | | Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Rollbar | | | | Unknown | [link](https://rollbar.com/blog/log4j-zero-day-2021-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Rosette.com | | | | Unknown | [link](https://support.rosette.com/hc/en-us/articles/4416216525965-Log4j-Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| RSA | SecurID Authentication Manager | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| RSA | SecurID Authentication Manager Prime | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| RSA | SecurID Authentication Manager WebTier | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| RSA | SecurID Governance and Lifecycle | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| RSA | SecurID Governance and Lifecycle Cloud | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| RSA | SecurID Identity Router | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| RSA Netwitness | | | | Unknown | [link](https://community.rsa.com/t5/netwitness-platform-product/netwitness-apache-vulnerability-log4j2-cve-2021-44228-nbsp/ta-p/660540) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Rstudioapi | Rstudioapi | | | Not Affected | [link](https://github.com/rstudio/rstudioapi) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Rubrik | | | | Unknown | [link](https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Ruckus | Virtual SmartZone (vSZ) | 5.1 to 6.0 | | Affected | [link](https://support.ruckuswireless.com/security_bulletins/313) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 |
| RunDeck by PagerDuty | | | | Unknown | [link](https://docs.rundeck.com/docs/history/CVEs/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Runecast | Runecast Analyzer | | 6.0.3 | Fixed | [link](https://www.runecast.com/release-notes) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| SAE-IT | | | | Unknown | [link](https://www.sae-it.com/nc/de/news/sicherheitsmeldungen.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| SAFE FME Server | | | | Unknown | [link](https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
@ -2319,6 +2508,8 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| Shibboleth | All Products | | | Not Affected | [link](https://shibboleth.net/pipermail/announce/2021-December/000253.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-10 |
| Shopify | | | | Unknown | [link](https://community.shopify.com/c/technical-q-a/is-shopify-affected-by-the-log4j-vulnerability/td-p/1417625) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Siebel | | | | Unknown | [link](https://www.siebelhub.com/main/2021/12/log4j-vulnerability-cve-2021-44228-and-siebel-crm.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 |
| Siemens Energy | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Siemens Energy | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| Siemens Energy | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
@ -2356,8 +2547,6 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| Siemens Healthineers | syngo.via WebViewer VA13B / VA20A / VA20B | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: remove the vulnerable class from the .jar file | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| Siemens Healthineers | X.Ceed Somaris 10 VA40* | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| Siemens Healthineers | X.Cite Somaris 10 VA30*/VA40* | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 |
| Sierra Wireless | | | | Unknown | [link](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Sierra Wireless | AirVantage and Octave cloud platforms | | | Unknown | [link](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs) | These systems do not operate with the specific non-standard configuration required for CVE-2021-25046 and hence were not vulnerable to it. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 |
| Sierra Wireless | AM/AMM servers | | | Unknown | [link](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 |
@ -2458,8 +2647,8 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| Splunk | Splunk UBA OVA Software | 5.0.3a, 5.0.0 | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-30 |
| Splunk | Splunk VMWare OVA for ITSI [App ID 4760](https://splunkbase.splunk.com/app/4760/) | 1.1.1 and older | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-30 |
| Sprecher Automation | | | | Unknown | [link](https://www.sprecher-automation.com/en/it-security/security-alerts) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Spring Boot | | | | Unknown | [link](https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Spring | Spring Boot | | | Unknown | [link](https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot) | Spring Boot users are only affected by this vulnerability if they have switched the default logging system to Log4J2 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Spring Boot | | | | Unknown | [link](https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| StarDog | | | | Unknown | [link](https://community.stardog.com/t/stardog-7-8-1-available/3411) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| STERIS | Advantage | | | Unknown | [link](https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| STERIS | Advantage Plus | | | Unknown | [link](https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
@ -2750,7 +2939,14 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| Western Digital | | | | Unknown | [link](https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| WIBU Systems | CodeMeter Cloud Lite | 2.2 and prior | | Affected | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| WIBU Systems | CodeMeter Keyring for TIA Portal | 1.30 and prior | | Affected | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | Only the Password Manager is affected | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| WindRiver | | | | Unknown | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Wind River | LTS17 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 |
| Wind River | LTS18 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 |
| Wind River | LTS19 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 |
| Wind River | LTS21 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Wind River | WRL-6 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 |
| Wind River | WRL-7 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 |
| Wind River | WRL-8 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 |
| Wind River | WRL-9 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 |
| WireShark | | | | Unknown | [link](https://gitlab.com/wireshark/wireshark/-/issues/17783) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Wistia | | | | Unknown | [link](https://status.wistia.com/incidents/jtg0dfl5l224) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| WitFoo | | | | Unknown | [link](https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |

2
config/requirements.txt
Unescape View File

@ -1 +1 @@
https://github.com/cisagov/log4j-md-yml/archive/v1.1.0.tar.gz
https://github.com/cisagov/log4j-md-yml/archive/v1.1.1.tar.gz

10757
data/cisagov.yml
View File

File diff suppressed because it is too large Load Diff

498
data/cisagov_A.yml
View File

File diff suppressed because it is too large Load Diff

132
data/cisagov_B.yml
Unescape View File

@ -33,7 +33,7 @@ software:
references:
- ''
last_updated: '2021-12-16T00:00:00'
- vendor: Baxter
- vendor: BackBox
product: ''
cves:
cve-2021-4104:
@ -57,12 +57,12 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.baxter.com/sites/g/files/ebysai746/files/2021-12/Apache_Log4j_Vulnerability.pdf
- https://updates.backbox.com/V6.5/Docs/CVE-2021-44228.pdf
notes: ''
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: BackBox
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Balbix
product: ''
cves:
cve-2021-4104:
@ -86,12 +86,12 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://updates.backbox.com/V6.5/Docs/CVE-2021-44228.pdf
- https://www.balbix.com/blog/broad-exposure-to-log4shell-cve-2021-44228-highlights-how-the-attack-surface-has-exploded/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Balbix
- vendor: Baramundi Products
product: ''
cves:
cve-2021-4104:
@ -115,12 +115,12 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.balbix.com/blog/broad-exposure-to-log4shell-cve-2021-44228-highlights-how-the-attack-surface-has-exploded/
- https://forum.baramundi.com/index.php?threads/baramundi-produkte-von-log4shell-schwachstelle-in-log4j-nicht-betroffen.12539/#post-62875
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Baramundi Products
- vendor: Barco
product: ''
cves:
cve-2021-4104:
@ -144,12 +144,12 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.baramundi.com/index.php?threads/baramundi-produkte-von-log4shell-schwachstelle-in-log4j-nicht-betroffen.12539/#post-62875
- https://www.barco.com/en/support/knowledge-base/kb12495
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Barco
- vendor: Barracuda
product: ''
cves:
cve-2021-4104:
@ -173,12 +173,12 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.barco.com/en/support/knowledge-base/kb12495
- https://www.barracuda.com/company/legal/trust-center
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Barracuda
- vendor: Baxter
product: ''
cves:
cve-2021-4104:
@ -202,13 +202,13 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.barracuda.com/company/legal/trust-center
- https://www.baxter.com/sites/g/files/ebysai746/files/2021-12/Apache_Log4j_Vulnerability.pdf
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
last_updated: '2021-12-20T00:00:00'
- vendor: BBraun
product: Outlook® Safety Infusion System Pump family
product: APEX® Compounder
cves:
cve-2021-4104:
investigated: false
@ -237,8 +237,7 @@ software:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: BBraun
product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor®
Space® Infusion
product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software
cves:
cve-2021-4104:
investigated: false
@ -267,7 +266,7 @@ software:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: BBraun
product: Pump, SpaceStation, and Space® Wireless Battery)
product: Outlook® Safety Infusion System Pump family
cves:
cve-2021-4104:
investigated: false
@ -296,7 +295,7 @@ software:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: BBraun
product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software
product: Pinnacle® Compounder
cves:
cve-2021-4104:
investigated: false
@ -325,7 +324,7 @@ software:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: BBraun
product: Pinnacle® Compounder
product: Pump, SpaceStation, and Space® Wireless Battery)
cves:
cve-2021-4104:
investigated: false
@ -354,7 +353,8 @@ software:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: BBraun
product: APEX® Compounder
product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor®
Space® Infusion
cves:
cve-2021-4104:
investigated: false
@ -615,7 +615,7 @@ software:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: BD
product: BD Knowledge Portal for Infusion Technologies
product: BD Knowledge Portal for BD Pyxis™ Supply
cves:
cve-2021-4104:
investigated: false
@ -644,7 +644,7 @@ software:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: BD
product: BD Knowledge Portal for Medication Technologies
product: BD Knowledge Portal for Infusion Technologies
cves:
cve-2021-4104:
investigated: false
@ -673,7 +673,7 @@ software:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: BD
product: BD Knowledge Portal for BD Pyxis™ Supply
product: BD Knowledge Portal for Medication Technologies
cves:
cve-2021-4104:
investigated: false
@ -1049,7 +1049,7 @@ software:
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: BioMerieux
- vendor: Bender
product: ''
cves:
cve-2021-4104:
@ -1073,12 +1073,13 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.biomerieux.com/en/cybersecurity-data-privacy
- https://www.bender.de/en/cert
notes: ''
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Bender
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Best Practical Request Tracker (RT) and Request Tracker for Incident Response
(RTIR)
product: ''
cves:
cve-2021-4104:
@ -1102,14 +1103,13 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.bender.de/en/cert
- https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Best Practical Request Tracker (RT) and Request Tracker for Incident Response
(RTIR)
product: ''
- vendor: BeyondTrust
product: Privilege Management Cloud
cves:
cve-2021-4104:
investigated: false
@ -1117,9 +1117,10 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
fixed_versions:
- Unknown
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -1132,13 +1133,13 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j
- https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
last_updated: '2021-12-17T00:00:00'
- vendor: BeyondTrust
product: Privilege Management Cloud
product: Privilege Management Reporting in BeyondInsight
cves:
cve-2021-4104:
investigated: false
@ -1149,7 +1150,7 @@ software:
investigated: true
affected_versions: []
fixed_versions:
- Unknown
- '21.2'
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -1168,7 +1169,7 @@ software:
- ''
last_updated: '2021-12-17T00:00:00'
- vendor: BeyondTrust
product: Privilege Management Reporting in BeyondInsight
product: Secure Remote Access appliances
cves:
cve-2021-4104:
investigated: false
@ -1178,9 +1179,9 @@ software:
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- '21.2'
unaffected_versions: []
fixed_versions: []
unaffected_versions:
- Unknown
cve-2021-45046:
investigated: false
affected_versions: []
@ -1197,8 +1198,8 @@ software:
references:
- ''
last_updated: '2021-12-17T00:00:00'
- vendor: BeyondTrust
product: Secure Remote Access appliances
- vendor: BeyondTrust Bomgar
product: ''
cves:
cve-2021-4104:
investigated: false
@ -1206,11 +1207,10 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions:
- Unknown
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
@ -1222,12 +1222,12 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell
- https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542
notes: ''
references:
- ''
last_updated: '2021-12-17T00:00:00'
- vendor: BeyondTrust Bomgar
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: BioMerieux
product: ''
cves:
cve-2021-4104:
@ -1251,11 +1251,11 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542
- https://www.biomerieux.com/en/cybersecurity-data-privacy
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
last_updated: '2021-12-22T00:00:00'
- vendor: BisectHosting
product: ''
cves:
@ -2590,7 +2590,7 @@ software:
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Boston Scientific
- vendor: Bosch
product: ''
cves:
cve-2021-4104:
@ -2614,12 +2614,12 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.bostonscientific.com/content/dam/bostonscientific/corporate/product-security/bsc_statement_on_apache_log4j-v1.pdf
- https://bosch-iot-suite.com/news/apache-log4j-rce-vulnerability/
notes: ''
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Bosch
last_updated: '2021-12-22T00:00:00'
- vendor: Boston Scientific
product: ''
cves:
cve-2021-4104:
@ -2643,11 +2643,11 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://bosch-iot-suite.com/news/apache-log4j-rce-vulnerability/
- https://www.bostonscientific.com/content/dam/bostonscientific/corporate/product-security/bsc_statement_on_apache_log4j-v1.pdf
notes: ''
references:
- ''
last_updated: '2021-12-22T00:00:00'
last_updated: '2021-12-20T00:00:00'
- vendor: Box
product: ''
cves:
@ -4067,7 +4067,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:51+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Broadcom
product: Symantec Protection Engine (SPE)
cves:
@ -4096,7 +4096,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:51+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Broadcom
product: Symantec Protection for SharePoint Servers (SPSS)
cves:
@ -4125,7 +4125,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:51+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Broadcom
product: VIP
cves:
@ -4154,7 +4154,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:51+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Broadcom
product: VIP Authentication Hub
cves:
@ -4183,7 +4183,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:51+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Broadcom
product: Web Isolation (WI)
cves:
@ -4212,7 +4212,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:51+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Broadcom
product: Web Security Service (WSS)
cves:
@ -4241,7 +4241,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:51+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Broadcom
product: WebPulse
cves:
@ -4270,5 +4270,5 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:51+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
...

724
data/cisagov_C.yml
View File

File diff suppressed because it is too large Load Diff

1338
data/cisagov_D.yml
View File

File diff suppressed because it is too large Load Diff

286
data/cisagov_E.yml
View File

File diff suppressed because it is too large Load Diff

184
data/cisagov_F.yml
Unescape View File

@ -32,7 +32,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: F-Secure
product: Endpoint Proxy
cves:
@ -62,7 +62,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: F-Secure
product: Messaging Security Gateway
cves:
@ -91,7 +91,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: F-Secure
product: Policy Manager
cves:
@ -121,7 +121,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: F-Secure
product: Policy Manager Proxy
cves:
@ -151,7 +151,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: F5
product: BIG-IP (all modules)
cves:
@ -181,7 +181,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: F5
product: BIG-IQ Centralized Management
cves:
@ -211,7 +211,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: F5
product: F5OS
cves:
@ -241,9 +241,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: F5
product: Traffix SDC
product: NGINX App Protect
cves:
cve-2021-4104:
investigated: false
@ -252,11 +252,10 @@ software:
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- 5.x (5.2.0 CF1
- 5.1.0 CF-30 - 5.1.0 CF-33)
affected_versions: []
fixed_versions: []
unaffected_versions: []
unaffected_versions:
- 3.x
cve-2021-45046:
investigated: false
affected_versions: []
@ -269,13 +268,12 @@ software:
unaffected_versions: []
vendor_links:
- https://support.f5.com/csp/article/K19026212
notes: 'Vulnerable components: EMS-ELK components (Fluentd + Elastic Search +
Kibana), Element Management System'
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: F5
product: NGINX Plus
product: NGINX Controller
cves:
cve-2021-4104:
investigated: false
@ -287,7 +285,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- R19 - R25
- 3.x
cve-2021-45046:
investigated: false
affected_versions: []
@ -303,9 +301,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: F5
product: NGINX Open Source
product: NGINX Ingress Controller
cves:
cve-2021-4104:
investigated: false
@ -317,7 +315,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- 1.x
- 1.x - 2.x
cve-2021-45046:
investigated: false
affected_versions: []
@ -333,9 +331,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: F5
product: NGINX Unit
product: NGINX Instance Manager
cves:
cve-2021-4104:
investigated: false
@ -363,9 +361,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: F5
product: NGINX App Protect
product: NGINX Open Source
cves:
cve-2021-4104:
investigated: false
@ -377,7 +375,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- 3.x
- 1.x
cve-2021-45046:
investigated: false
affected_versions: []
@ -393,9 +391,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: F5
product: NGINX Controller
product: NGINX Plus
cves:
cve-2021-4104:
investigated: false
@ -407,7 +405,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- 3.x
- R19 - R25
cve-2021-45046:
investigated: false
affected_versions: []
@ -423,9 +421,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: F5
product: NGINX Ingress Controller
product: NGINX Service Mesh
cves:
cve-2021-4104:
investigated: false
@ -437,7 +435,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- 1.x - 2.x
- 1.x
cve-2021-45046:
investigated: false
affected_versions: []
@ -453,9 +451,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: F5
product: NGINX Instance Manager
product: NGINX Unit
cves:
cve-2021-4104:
investigated: false
@ -483,9 +481,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: F5
product: NGINX Service Mesh
product: Traffix SDC
cves:
cve-2021-4104:
investigated: false
@ -494,10 +492,11 @@ software:
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
affected_versions:
- 5.x (5.2.0 CF1
- 5.1.0 CF-30 - 5.1.0 CF-33)
fixed_versions: []
unaffected_versions:
- 1.x
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
@ -510,10 +509,11 @@ software:
unaffected_versions: []
vendor_links:
- https://support.f5.com/csp/article/K19026212
notes: ''
notes: 'Vulnerable components: EMS-ELK components (Fluentd + Elastic Search +
Kibana), Element Management System'
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: FAST LTA
product: ''
cves:
@ -542,7 +542,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fastly
product: ''
cves:
@ -571,7 +571,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: FedEx
product: Ship Manager Software
cves:
@ -668,7 +668,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: FileCatalyst
product: ''
cves:
@ -697,7 +697,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: FileCloud
product: ''
cves:
@ -726,7 +726,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: FileWave
product: ''
cves:
@ -755,7 +755,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: FINVI
product: ''
cves:
@ -784,7 +784,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: FireDaemon
product: ''
cves:
@ -813,7 +813,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fisher & Paykel Healthcare
product: ''
cves:
@ -871,7 +871,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Flexera
product: ''
cves:
@ -900,7 +900,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Forcepoint
product: DLP Manager
cves:
@ -929,7 +929,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Forcepoint
product: Forcepoint Cloud Security Gateway (CSG)
cves:
@ -958,7 +958,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Forcepoint
product: Next Generation Firewall (NGFW)
cves:
@ -987,7 +987,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Forcepoint
product: Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service
and Sidewinder
@ -1017,7 +1017,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Forcepoint
product: One Endpoint
cves:
@ -1046,7 +1046,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Forcepoint
product: Security Manager (Web, Email and DLP)
cves:
@ -1075,7 +1075,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Forescout
product: ''
cves:
@ -1104,7 +1104,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: ForgeRock
product: Autonomous Identity
cves:
@ -1133,7 +1133,7 @@ software:
notes: all other ForgeRock products Not vulnerable
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiAIOps
cves:
@ -1162,7 +1162,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiAnalyzer
cves:
@ -1191,7 +1191,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiAnalyzer Cloud
cves:
@ -1220,7 +1220,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiAP
cves:
@ -1249,7 +1249,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiAuthenticator
cves:
@ -1278,7 +1278,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiCASB
cves:
@ -1307,7 +1307,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiConvertor
cves:
@ -1336,7 +1336,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiDeceptor
cves:
@ -1365,7 +1365,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiEDR Agent
cves:
@ -1394,7 +1394,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiEDR Cloud
cves:
@ -1423,7 +1423,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiGate Cloud
cves:
@ -1452,7 +1452,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiGSLB Cloud
cves:
@ -1481,7 +1481,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiMail
cves:
@ -1510,7 +1510,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiManager
cves:
@ -1539,7 +1539,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiManager Cloud
cves:
@ -1568,7 +1568,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiNAC
cves:
@ -1597,7 +1597,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiNAC
cves:
@ -1626,7 +1626,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiOS (includes FortiGate & FortiWiFi)
cves:
@ -1655,7 +1655,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiPhish Cloud
cves:
@ -1684,7 +1684,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiPolicy
cves:
@ -1713,7 +1713,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiPortal
cves:
@ -1742,7 +1742,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiRecorder
cves:
@ -1771,7 +1771,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiSIEM
cves:
@ -1800,7 +1800,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiSOAR
cves:
@ -1829,7 +1829,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiSwicth Cloud in FortiLANCloud
cves:
@ -1858,7 +1858,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiSwitch & FortiSwitchManager
cves:
@ -1887,7 +1887,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiToken Cloud
cves:
@ -1916,7 +1916,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiVoice
cves:
@ -1945,7 +1945,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: FortiWeb Cloud
cves:
@ -1974,7 +1974,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fortinet
product: ShieldX
cves:
@ -2003,7 +2003,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: FTAPI
product: ''
cves:
@ -2032,7 +2032,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Fujitsu
product: ''
cves:
@ -2061,7 +2061,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: FusionAuth
product: FusionAuth
cves:
@ -2091,5 +2091,5 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
...

193
data/cisagov_G.yml
Unescape View File

@ -65,7 +65,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power
product: Baseline Security Center (BSC)
product: Asset Performance Management (APM)
cves:
cve-2021-4104:
investigated: false
@ -89,13 +89,12 @@ software:
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf
notes: Vulnerability to be fixed by vendor provided workaround. No user actions
necessary. Contact GE for details.
notes: GE verifying workaround.
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power
product: Baseline Security Center (BSC) 2.0
product: Baseline Security Center (BSC)
cves:
cve-2021-4104:
investigated: false
@ -120,12 +119,12 @@ software:
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf
notes: Vulnerability to be fixed by vendor provided workaround. No user actions
necessary. Contact GE for details
necessary. Contact GE for details.
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power
product: Asset Performance Management (APM)
product: Baseline Security Center (BSC) 2.0
cves:
cve-2021-4104:
investigated: false
@ -149,7 +148,8 @@ software:
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf
notes: GE verifying workaround.
notes: Vulnerability to be fixed by vendor provided workaround. No user actions
necessary. Contact GE for details
references:
- ''
last_updated: '2021-12-22T00:00:00'
@ -270,7 +270,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Genesys
product: ''
cves:
@ -299,7 +299,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GeoServer
product: ''
cves:
@ -328,7 +328,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gerrit code review
product: ''
cves:
@ -357,7 +357,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GFI
product: ''
cves:
@ -386,7 +386,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Ghidra
product: ''
cves:
@ -415,7 +415,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gigamon
product: Fabric Manager
cves:
@ -505,7 +505,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Globus
product: ''
cves:
@ -534,9 +534,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GoAnywhere
product: MFT
product: Gateway
cves:
cve-2021-4104:
investigated: false
@ -546,7 +546,7 @@ software:
cve-2021-44228:
investigated: true
affected_versions:
- < 6.8.6
- < 2.8.4
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -566,7 +566,7 @@ software:
- ''
last_updated: '2021-12-18T00:00:00'
- vendor: GoAnywhere
product: Gateway
product: MFT
cves:
cve-2021-4104:
investigated: false
@ -576,7 +576,7 @@ software:
cve-2021-44228:
investigated: true
affected_versions:
- < 2.8.4
- < 6.8.6
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -679,12 +679,13 @@ software:
unaffected_versions: []
vendor_links:
- https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html
notes: Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability.
notes: Chrome Browser releases, infrastructure and admin console are not using
versions of Log4j affected by the vulnerability.
references:
- ''
last_updated: '2022-01-14'
- vendor: Google Cloud
product: AI Platform Data Labeling
product: Access Transparency
cves:
cve-2021-4104:
investigated: false
@ -714,7 +715,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: AI Platform Neural Architecture Search (NAS)
product: Actifio
cves:
cve-2021-4104:
investigated: false
@ -738,13 +739,15 @@ software:
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
notes: Actifio has identified limited exposure to the Log4j 2 vulnerability and
has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com)
for the full statement and to obtain the hotfix (available to Actifio customers
only).
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: AI Platform Training and Prediction
product: AI Platform Data Labeling
cves:
cve-2021-4104:
investigated: false
@ -774,7 +777,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Access Transparency
product: AI Platform Neural Architecture Search (NAS)
cves:
cve-2021-4104:
investigated: false
@ -804,7 +807,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Actifio
product: AI Platform Training and Prediction
cves:
cve-2021-4104:
investigated: false
@ -828,10 +831,8 @@ software:
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Actifio has identified limited exposure to the Log4j 2 vulnerability and
has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com)
for the full statement and to obtain the hotfix (available to Actifio customers
only).
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
@ -989,7 +990,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Anthos Premium Software
product: Anthos on VMWare
cves:
cve-2021-4104:
investigated: false
@ -1014,12 +1015,16 @@ software:
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check
VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds
to their VMware products as they become available. We also recommend customers
review their respective applications and workloads affected by the same vulnerabilities
and apply appropriate patches.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Anthos Service Mesh
product: Anthos Premium Software
cves:
cve-2021-4104:
investigated: false
@ -1049,7 +1054,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Anthos on VMWare
product: Anthos Service Mesh
cves:
cve-2021-4104:
investigated: false
@ -1074,11 +1079,7 @@ software:
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check
VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds
to their VMware products as they become available. We also recommend customers
review their respective applications and workloads affected by the same vulnerabilities
and apply appropriate patches.
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
@ -1793,7 +1794,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud DNS
product: Cloud Data Loss Prevention
cves:
cve-2021-4104:
investigated: false
@ -1821,9 +1822,9 @@ software:
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-20T00:00:00'
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Data Loss Prevention
product: Cloud Debugger
cves:
cve-2021-4104:
investigated: false
@ -1853,7 +1854,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Debugger
product: Cloud Deployment Manager
cves:
cve-2021-4104:
investigated: false
@ -1883,7 +1884,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Deployment Manager
product: Cloud DNS
cves:
cve-2021-4104:
investigated: false
@ -1911,7 +1912,7 @@ software:
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Cloud Endpoints
cves:
@ -2036,7 +2037,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Intrusion Detection System (IDS)
product: Cloud Interconnect
cves:
cve-2021-4104:
investigated: false
@ -2066,7 +2067,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Interconnect
product: Cloud Intrusion Detection System (IDS)
cves:
cve-2021-4104:
investigated: false
@ -2186,7 +2187,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Network Address Translation (NAT)
product: Cloud Natural Language API
cves:
cve-2021-4104:
investigated: false
@ -2214,9 +2215,9 @@ software:
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-20T00:00:00'
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Natural Language API
product: Cloud Network Address Translation (NAT)
cves:
cve-2021-4104:
investigated: false
@ -2244,7 +2245,7 @@ software:
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Cloud Profiler
cves:
@ -2372,7 +2373,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud SDK
product: Cloud Scheduler
cves:
cve-2021-4104:
investigated: false
@ -2402,7 +2403,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud SQL
product: Cloud SDK
cves:
cve-2021-4104:
investigated: false
@ -2430,9 +2431,9 @@ software:
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-19T00:00:00'
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Scheduler
product: Cloud Shell
cves:
cve-2021-4104:
investigated: false
@ -2457,12 +2458,15 @@ software:
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate
logging solution that uses Log4j 2. We strongly encourage customers who manage
Cloud Shell environments to identify components dependent on Log4j 2 and update
them to the latest version.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Shell
product: Cloud Source Repositories
cves:
cve-2021-4104:
investigated: false
@ -2487,15 +2491,12 @@ software:
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate
logging solution that uses Log4j 2. We strongly encourage customers who manage
Cloud Shell environments to identify components dependent on Log4j 2 and update
them to the latest version.
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Source Repositories
product: Cloud Spanner
cves:
cve-2021-4104:
investigated: false
@ -2523,9 +2524,9 @@ software:
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
last_updated: '2021-12-19T00:00:00'
- vendor: Google Cloud
product: Cloud Spanner
product: Cloud SQL
cves:
cve-2021-4104:
investigated: false
@ -2705,7 +2706,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud VPN
product: Cloud Vision
cves:
cve-2021-4104:
investigated: false
@ -2733,9 +2734,9 @@ software:
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-20T00:00:00'
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Vision
product: Cloud Vision OCR On-Prem
cves:
cve-2021-4104:
investigated: false
@ -2765,7 +2766,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Vision OCR On-Prem
product: Cloud VPN
cves:
cve-2021-4104:
investigated: false
@ -2793,7 +2794,7 @@ software:
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: CompilerWorks
cves:
@ -4656,7 +4657,7 @@ software:
notes: Gradle Scala Compiler Plugin depends upon log4j-core but it is not used.
references:
- ''
last_updated: '2022-01-12T07:18:53+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gradle
product: Gradle Enterprise
cves:
@ -4686,7 +4687,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:53+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gradle
product: Gradle Enterprise Build Cache Node
cves:
@ -4716,7 +4717,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:53+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gradle
product: Gradle Enterprise Test Distribution Agent
cves:
@ -4746,7 +4747,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:53+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Grafana
product: ''
cves:
@ -4775,7 +4776,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:53+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Grandstream
product: ''
cves:
@ -4804,7 +4805,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:53+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gravitee
product: Access Management
cves:
@ -4834,7 +4835,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:53+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gravitee
product: Access Management
cves:
@ -4864,9 +4865,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:53+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gravitee
product: API Management
product: Alert Engine
cves:
cve-2021-4104:
investigated: false
@ -4878,7 +4879,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- 3.10.x
- 1.5.x
cve-2021-45046:
investigated: false
affected_versions: []
@ -4894,9 +4895,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:53+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gravitee
product: API Management
product: Alert Engine
cves:
cve-2021-4104:
investigated: false
@ -4908,7 +4909,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- 3.5.x
- 1.4.x
cve-2021-45046:
investigated: false
affected_versions: []
@ -4924,9 +4925,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:53+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gravitee
product: Alert Engine
product: API Management
cves:
cve-2021-4104:
investigated: false
@ -4938,7 +4939,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- 1.5.x
- 3.10.x
cve-2021-45046:
investigated: false
affected_versions: []
@ -4954,9 +4955,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:53+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gravitee
product: Alert Engine
product: API Management
cves:
cve-2021-4104:
investigated: false
@ -4968,7 +4969,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- 1.4.x
- 3.5.x
cve-2021-45046:
investigated: false
affected_versions: []
@ -4984,7 +4985,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:53+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gravitee
product: Cockpit
cves:
@ -5014,7 +5015,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:53+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gravitee.io
product: ''
cves:
@ -5043,7 +5044,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:53+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gravwell
product: ''
cves:
@ -5072,7 +5073,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:53+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Graylog
product: Graylog Server
cves:
@ -5102,7 +5103,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:53+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GreenShot
product: ''
cves:
@ -5131,7 +5132,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:53+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GSA
product: Cloud.gov
cves:
@ -5189,5 +5190,5 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:53+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
...

986
data/cisagov_H.yml
View File

File diff suppressed because it is too large Load Diff

476
data/cisagov_I.yml
View File

File diff suppressed because it is too large Load Diff

260
data/cisagov_J.yml
Unescape View File

@ -32,7 +32,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Jamf
product: Jamf Pro
cves:
@ -62,7 +62,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Janitza
product: GridVis
cves:
@ -121,7 +121,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Jedox
product: ''
cves:
@ -150,7 +150,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Jenkins
product: CI/CD Core
cves:
@ -178,7 +178,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Jenkins
product: Plugins
cves:
@ -209,9 +209,8 @@ software:
- ''
last_updated: '2021-12-16T00:00:00'
- vendor: JetBrains
product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand,
IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu,
Rider, RubyMine, WebStorm)
product: All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory,
dotCover, dotPeek)
cves:
cve-2021-4104:
investigated: false
@ -239,10 +238,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: JetBrains
product: All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory,
dotCover, dotPeek)
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Jetbrains
product: Code With Me
cves:
cve-2021-4104:
investigated: false
@ -252,9 +250,9 @@ software:
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
fixed_versions:
- Unknown
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
@ -270,9 +268,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: JetBrains
product: ToolBox
product: Datalore
cves:
cve-2021-4104:
investigated: false
@ -300,9 +298,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: JetBrains
product: TeamCity
product: Floating license server
cves:
cve-2021-4104:
investigated: false
@ -312,9 +310,9 @@ software:
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- Unknown
fixed_versions:
- '30211'
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
@ -326,13 +324,13 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://youtrack.jetbrains.com/issue/TW-74298
- https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: JetBrains
product: Hub
product: Gateway
cves:
cve-2021-4104:
investigated: false
@ -342,9 +340,9 @@ software:
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- 2021.1.14080
unaffected_versions: []
fixed_versions: []
unaffected_versions:
- Unknown
cve-2021-45046:
investigated: false
affected_versions: []
@ -356,13 +354,13 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/
- https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: JetBrains
product: YouTrack Standalone
product: Hub
cves:
cve-2021-4104:
investigated: false
@ -373,7 +371,7 @@ software:
investigated: true
affected_versions: []
fixed_versions:
- 2021.4.35970
- 2021.1.14080
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -386,13 +384,15 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/
- https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: JetBrains
product: YouTrack InCloud
product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand,
IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu,
Rider, RubyMine, WebStorm)
cves:
cve-2021-4104:
investigated: false
@ -402,9 +402,9 @@ software:
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
fixed_versions: []
unaffected_versions:
- Unknown
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
@ -420,9 +420,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: JetBrains
product: Datalore
product: Kotlin
cves:
cve-2021-4104:
investigated: false
@ -450,9 +450,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: JetBrains
product: Space
product: Ktor
cves:
cve-2021-4104:
investigated: false
@ -480,9 +480,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: Jetbrains
product: Code With Me
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: JetBrains
product: MPS
cves:
cve-2021-4104:
investigated: false
@ -492,9 +492,9 @@ software:
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
fixed_versions: []
unaffected_versions:
- Unknown
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
@ -510,9 +510,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: JetBrains
product: Gateway
product: Space
cves:
cve-2021-4104:
investigated: false
@ -540,9 +540,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: JetBrains
product: Kotlin
product: TeamCity
cves:
cve-2021-4104:
investigated: false
@ -566,13 +566,13 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/
- https://youtrack.jetbrains.com/issue/TW-74298
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: JetBrains
product: Ktor
product: ToolBox
cves:
cve-2021-4104:
investigated: false
@ -600,9 +600,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: JetBrains
product: MPS
product: UpSource
cves:
cve-2021-4104:
investigated: false
@ -612,9 +612,9 @@ software:
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- Unknown
fixed_versions:
- 2020.1.1952
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
@ -630,9 +630,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: JetBrains
product: Floating license server
product: YouTrack InCloud
cves:
cve-2021-4104:
investigated: false
@ -643,7 +643,7 @@ software:
investigated: true
affected_versions: []
fixed_versions:
- '30211'
- Unknown
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -660,9 +660,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: JetBrains
product: UpSource
product: YouTrack Standalone
cves:
cve-2021-4104:
investigated: false
@ -673,7 +673,7 @@ software:
investigated: true
affected_versions: []
fixed_versions:
- 2020.1.1952
- 2021.4.35970
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -686,11 +686,11 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/
- https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: JFROG
product: ''
cves:
@ -719,7 +719,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Jitsi
product: ''
cves:
@ -748,7 +748,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Jitterbit
product: ''
cves:
@ -777,9 +777,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: jPOS
product: (ISO-8583) bridge
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Johnson Controls
product: BCPro
cves:
cve-2021-4104:
investigated: false
@ -791,7 +791,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- Unknown
- All versions
cve-2021-45046:
investigated: false
affected_versions: []
@ -803,13 +803,13 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625
- https://www.johnsoncontrols.com/cyber-solutions/security-advisories
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: C•CURE‐9000
product: CEM AC2000
cves:
cve-2021-4104:
investigated: false
@ -821,7 +821,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- 2.90.x (all 2.90 versions)
- All versions
cve-2021-45046:
investigated: false
affected_versions: []
@ -839,7 +839,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: C•CURE‐9000
product: CEM Hardware Products
cves:
cve-2021-4104:
investigated: false
@ -851,7 +851,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- 2.80.x (all 2.80 versions)
- All versions
cve-2021-45046:
investigated: false
affected_versions: []
@ -869,7 +869,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: C•CURE‐9000
product: CloudVue Gateway
cves:
cve-2021-4104:
investigated: false
@ -881,7 +881,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- 2.70 (All versions)
- All versions
cve-2021-45046:
investigated: false
affected_versions: []
@ -899,7 +899,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: C•CURE‐9000
product: CloudVue Web
cves:
cve-2021-4104:
investigated: false
@ -911,7 +911,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- 2.60 (All versions)
- All versions
cve-2021-45046:
investigated: false
affected_versions: []
@ -929,7 +929,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: victor
product: C•CURE‐9000
cves:
cve-2021-4104:
investigated: false
@ -941,7 +941,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- 5.x
- 2.90.x (all 2.90 versions)
cve-2021-45046:
investigated: false
affected_versions: []
@ -959,7 +959,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: victor/ C•CURE‐9000 Unified
product: C•CURE‐9000
cves:
cve-2021-4104:
investigated: false
@ -971,7 +971,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80
- 2.80.x (all 2.80 versions)
cve-2021-45046:
investigated: false
affected_versions: []
@ -989,7 +989,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: victor/ C•CURE‐9000 Unified
product: C•CURE‐9000
cves:
cve-2021-4104:
investigated: false
@ -1001,7 +1001,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- 3.91.x / victor 5.6.1 / C•CURE‐9000 2.90
- 2.70 (All versions)
cve-2021-45046:
investigated: false
affected_versions: []
@ -1019,7 +1019,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: Metasys Products and Tools
product: C•CURE‐9000
cves:
cve-2021-4104:
investigated: false
@ -1031,7 +1031,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- All versions
- 2.60 (All versions)
cve-2021-45046:
investigated: false
affected_versions: []
@ -1049,7 +1049,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: Facility Explorer
product: DLS
cves:
cve-2021-4104:
investigated: false
@ -1061,7 +1061,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- 14.x
- All versions
cve-2021-45046:
investigated: false
affected_versions: []
@ -1079,7 +1079,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: CEM AC2000
product: Entrapass
cves:
cve-2021-4104:
investigated: false
@ -1109,7 +1109,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: CEM Hardware Products
product: exacqVision Client
cves:
cve-2021-4104:
investigated: false
@ -1139,7 +1139,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: Illustra Cameras
product: exacqVision Server
cves:
cve-2021-4104:
investigated: false
@ -1169,7 +1169,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: Illustra Insight
product: exacqVision WebService
cves:
cve-2021-4104:
investigated: false
@ -1199,7 +1199,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: Tyco AI
product: Facility Explorer
cves:
cve-2021-4104:
investigated: false
@ -1211,7 +1211,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- All versions
- 14.x
cve-2021-45046:
investigated: false
affected_versions: []
@ -1229,7 +1229,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: DLS
product: Illustra Cameras
cves:
cve-2021-4104:
investigated: false
@ -1259,7 +1259,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: Entrapass
product: Illustra Insight
cves:
cve-2021-4104:
investigated: false
@ -1289,7 +1289,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: CloudVue Web
product: iSTAR
cves:
cve-2021-4104:
investigated: false
@ -1319,7 +1319,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: CloudVue Gateway
product: Metasys Products and Tools
cves:
cve-2021-4104:
investigated: false
@ -1349,7 +1349,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: Qolsys IQ Panels
product: PowerSeries NEO
cves:
cve-2021-4104:
investigated: false
@ -1379,7 +1379,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: PowerSeries NEO
product: PowerSeries Pro
cves:
cve-2021-4104:
investigated: false
@ -1409,7 +1409,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: PowerSeries Pro
product: Qolsys IQ Panels
cves:
cve-2021-4104:
investigated: false
@ -1469,7 +1469,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: VideoEdge
product: Tyco AI
cves:
cve-2021-4104:
investigated: false
@ -1481,7 +1481,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- 5.x
- All versions
cve-2021-45046:
investigated: false
affected_versions: []
@ -1499,7 +1499,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: exacqVision Server
product: victor
cves:
cve-2021-4104:
investigated: false
@ -1511,7 +1511,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- All versions
- 5.x
cve-2021-45046:
investigated: false
affected_versions: []
@ -1529,7 +1529,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: exacqVision Client
product: victor/ C•CURE‐9000 Unified
cves:
cve-2021-4104:
investigated: false
@ -1541,7 +1541,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- All versions
- 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80
cve-2021-45046:
investigated: false
affected_versions: []
@ -1559,7 +1559,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: exacqVision WebService
product: victor/ C•CURE‐9000 Unified
cves:
cve-2021-4104:
investigated: false
@ -1571,7 +1571,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- All versions
- 3.91.x / victor 5.6.1 / C•CURE‐9000 2.90
cve-2021-45046:
investigated: false
affected_versions: []
@ -1589,7 +1589,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: BCPro
product: VideoEdge
cves:
cve-2021-4104:
investigated: false
@ -1601,7 +1601,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- All versions
- 5.x
cve-2021-45046:
investigated: false
affected_versions: []
@ -1618,8 +1618,8 @@ software:
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Johnson Controls
product: iSTAR
- vendor: Journyx
product: ''
cves:
cve-2021-4104:
investigated: false
@ -1627,11 +1627,10 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions:
- All versions
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
@ -1643,13 +1642,13 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.johnsoncontrols.com/cyber-solutions/security-advisories
- https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228-
notes: ''
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Journyx
product: ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: jPOS
product: (ISO-8583) bridge
cves:
cve-2021-4104:
investigated: false
@ -1657,10 +1656,11 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
unaffected_versions:
- Unknown
cve-2021-45046:
investigated: false
affected_versions: []
@ -1672,11 +1672,11 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228-
- https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Jump Desktop
product: ''
cves:
@ -1705,7 +1705,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Juniper Networks
product: ''
cves:
@ -1734,7 +1734,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Justice Systems
product: ''
cves:
@ -1763,5 +1763,5 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
...

22
data/cisagov_K.yml
Unescape View File

@ -32,7 +32,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: K6
product: ''
cves:
@ -61,7 +61,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Karakun
product: ''
cves:
@ -90,7 +90,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Kaseya
product: ''
cves:
@ -119,7 +119,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Keeper Security
product: ''
cves:
@ -148,7 +148,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: KEMP
product: ''
cves:
@ -177,7 +177,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: KEMP 2
product: ''
cves:
@ -206,7 +206,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Kofax
product: ''
cves:
@ -235,7 +235,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Konica Minolta
product: ''
cves:
@ -264,7 +264,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Kronos UKG
product: ''
cves:
@ -293,7 +293,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Kyberna
product: ''
cves:
@ -322,5 +322,5 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
...

64
data/cisagov_L.yml
Unescape View File

@ -32,7 +32,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: L3Harris Geospatial
product: ''
cves:
@ -61,7 +61,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Lancom Systems
product: ''
cves:
@ -90,7 +90,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Lansweeper
product: ''
cves:
@ -119,7 +119,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Laserfiche
product: ''
cves:
@ -148,7 +148,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: LastPass
product: ''
cves:
@ -177,7 +177,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: LaunchDarkly
product: ''
cves:
@ -206,7 +206,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Leanix
product: ''
cves:
@ -235,7 +235,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Leica BIOSYSTEMS
product: Aperio AT2
cves:
@ -614,7 +614,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Leica BIOSYSTEMS
product: BOND-ADVANCE
product: BOND Controller
cves:
cve-2021-4104:
investigated: false
@ -643,7 +643,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Leica BIOSYSTEMS
product: BOND Controller
product: BOND RX
cves:
cve-2021-4104:
investigated: false
@ -672,7 +672,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Leica BIOSYSTEMS
product: BOND-III
product: BOND RXm
cves:
cve-2021-4104:
investigated: false
@ -701,7 +701,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Leica BIOSYSTEMS
product: BOND-MAX
product: BOND-ADVANCE
cves:
cve-2021-4104:
investigated: false
@ -730,7 +730,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Leica BIOSYSTEMS
product: BOND RX
product: BOND-III
cves:
cve-2021-4104:
investigated: false
@ -759,7 +759,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Leica BIOSYSTEMS
product: BOND RXm
product: BOND-MAX
cves:
cve-2021-4104:
investigated: false
@ -2415,7 +2415,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Let's Encrypt
product: ''
cves:
@ -2444,7 +2444,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: LibreNMS
product: ''
cves:
@ -2473,7 +2473,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: LifeRay
product: ''
cves:
@ -2502,7 +2502,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: LifeSize
product: ''
cves:
@ -2531,7 +2531,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Lightbend
product: ''
cves:
@ -2560,7 +2560,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Lime CRM
product: ''
cves:
@ -2589,7 +2589,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: LIONGARD
product: ''
cves:
@ -2618,7 +2618,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: LiquidFiles
product: ''
cves:
@ -2647,7 +2647,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: LiveAction
product: ''
cves:
@ -2676,7 +2676,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Loftware
product: ''
cves:
@ -2705,7 +2705,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: LOGalyze
product: SIEM & log analyzer tool
cves:
@ -2766,7 +2766,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: LogicMonitor
product: LogicMonitor Platform
cves:
@ -2795,7 +2795,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: LogMeIn
product: ''
cves:
@ -2824,7 +2824,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: LogRhythm
product: ''
cves:
@ -2853,7 +2853,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Looker
product: Looker
cves:
@ -2888,7 +2888,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: LucaNet
product: ''
cves:
@ -2917,7 +2917,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Lucee
product: ''
cves:
@ -2946,7 +2946,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Lyrasis
product: Fedora Repository
cves:

280
data/cisagov_M.yml
Unescape View File

@ -32,7 +32,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Maltego
product: ''
cves:
@ -61,9 +61,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: ManageEngine
product: Servicedesk Plus
product: AD SelfService Plus
cves:
cve-2021-4104:
investigated: false
@ -72,10 +72,10 @@ software:
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- '11305 and below'
affected_versions: []
fixed_versions: []
unaffected_versions: []
unaffected_versions:
- Build 6.1 build 6114
cve-2021-45046:
investigated: false
affected_versions: []
@ -86,14 +86,13 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.manageengine.com/products/service-desk/security-response-plan.html
vendor_links: []
notes: ''
references:
- ''
last_updated: '2021-12-15T00:00:00'
last_updated: '2021-12-27T00:00:00'
- vendor: ManageEngine
product: AD SelfService Plus
product: Servicedesk Plus
cves:
cve-2021-4104:
investigated: false
@ -102,10 +101,10 @@ software:
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
affected_versions:
- 11305 and below
fixed_versions: []
unaffected_versions:
- 'Build 6.1 build 6114'
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
@ -116,11 +115,12 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links: []
vendor_links:
- https://www.manageengine.com/products/service-desk/security-response-plan.html
notes: ''
references:
- ''
last_updated: '2021-12-27T00:00:00'
last_updated: '2021-12-15T00:00:00'
- vendor: ManageEngine Zoho
product: ''
cves:
@ -149,9 +149,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: ManageEngine Zoho
product: ADManager Plus
product: ADAudit Plus
cves:
cve-2021-4104:
investigated: false
@ -180,7 +180,7 @@ software:
- ''
last_updated: '2021-12-16T00:00:00'
- vendor: ManageEngine Zoho
product: ADAudit Plus
product: ADManager Plus
cves:
cve-2021-4104:
investigated: false
@ -209,7 +209,7 @@ software:
- ''
last_updated: '2021-12-16T00:00:00'
- vendor: ManageEngine Zoho
product: DataSecurity Plus
product: Analytics Plus
cves:
cve-2021-4104:
investigated: false
@ -238,7 +238,7 @@ software:
- ''
last_updated: '2021-12-16T00:00:00'
- vendor: ManageEngine Zoho
product: EventLog Analyzer
product: Cloud Security Plus
cves:
cve-2021-4104:
investigated: false
@ -267,7 +267,7 @@ software:
- ''
last_updated: '2021-12-16T00:00:00'
- vendor: ManageEngine Zoho
product: M365 Manager Plus
product: DataSecurity Plus
cves:
cve-2021-4104:
investigated: false
@ -296,7 +296,7 @@ software:
- ''
last_updated: '2021-12-16T00:00:00'
- vendor: ManageEngine Zoho
product: RecoveryManager Plus
product: EventLog Analyzer
cves:
cve-2021-4104:
investigated: false
@ -412,7 +412,7 @@ software:
- ''
last_updated: '2021-12-16T00:00:00'
- vendor: ManageEngine Zoho
product: Cloud Security Plus
product: M365 Manager Plus
cves:
cve-2021-4104:
investigated: false
@ -470,7 +470,7 @@ software:
- ''
last_updated: '2021-12-16T00:00:00'
- vendor: ManageEngine Zoho
product: Analytics Plus
product: RecoveryManager Plus
cves:
cve-2021-4104:
investigated: false
@ -526,7 +526,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: MathWorks
product: All MathWorks general release desktop or server products
cves:
@ -569,7 +569,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- 'All'
- All
cve-2021-45046:
investigated: false
affected_versions: []
@ -598,7 +598,7 @@ software:
investigated: true
affected_versions: []
fixed_versions:
- '1.59.10+'
- 1.59.10+
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -644,7 +644,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Mattermost FocalBoard
product: ''
cves:
@ -673,7 +673,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: McAfee
product: Data Exchange Layer (DXL) Client
cves:
@ -927,7 +927,7 @@ software:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: McAfee
product: ePolicy Orchestrator Application Server (ePO)
product: Enterprise Security Manager (ESM)
cves:
cve-2021-4104:
investigated: false
@ -938,7 +938,7 @@ software:
investigated: true
affected_versions: []
fixed_versions:
- '5.10 CU11'
- 11.5.3
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -985,7 +985,7 @@ software:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: McAfee
product: Host Intrusion Prevention (Host IPS)
product: ePolicy Orchestrator Application Server (ePO)
cves:
cve-2021-4104:
investigated: false
@ -993,9 +993,10 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
fixed_versions:
- 5.10 CU11
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -1007,13 +1008,14 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links: []
vendor_links:
- https://kc.mcafee.com/agent/index?page=content&id=SB10377
notes: ''
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: McAfee
product: Management of Native Encryption (MNE)
product: Host Intrusion Prevention (Host IPS)
cves:
cve-2021-4104:
investigated: false
@ -1041,7 +1043,7 @@ software:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: McAfee
product: McAfee Active Response (MAR)
product: Management of Native Encryption (MNE)
cves:
cve-2021-4104:
investigated: false
@ -1069,7 +1071,7 @@ software:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: McAfee
product: McAfee Agent (MA)
product: McAfee Active Response (MAR)
cves:
cve-2021-4104:
investigated: false
@ -1097,7 +1099,7 @@ software:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: McAfee
product: McAfee Application and Change Control (MACC) for Linux
product: McAfee Agent (MA)
cves:
cve-2021-4104:
investigated: false
@ -1125,7 +1127,7 @@ software:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: McAfee
product: McAfee Application and Change Control (MACC) for Windows
product: McAfee Application and Change Control (MACC) for Linux
cves:
cve-2021-4104:
investigated: false
@ -1153,7 +1155,7 @@ software:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: McAfee
product: McAfee Client Proxy (MCP) for Mac
product: McAfee Application and Change Control (MACC) for Windows
cves:
cve-2021-4104:
investigated: false
@ -1181,7 +1183,7 @@ software:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: McAfee
product: McAfee Client Proxy (MCP) for Windows
product: McAfee Client Proxy (MCP) for Mac
cves:
cve-2021-4104:
investigated: false
@ -1209,7 +1211,7 @@ software:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: McAfee
product: McAfee Drive Encryption (MDE)
product: McAfee Client Proxy (MCP) for Windows
cves:
cve-2021-4104:
investigated: false
@ -1237,7 +1239,7 @@ software:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: McAfee
product: McAfee Security for Microsoft Exchange (MSME)
product: McAfee Drive Encryption (MDE)
cves:
cve-2021-4104:
investigated: false
@ -1265,7 +1267,7 @@ software:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: McAfee
product: McAfee Security for Microsoft SharePoint (MSMS)
product: McAfee Security for Microsoft Exchange (MSME)
cves:
cve-2021-4104:
investigated: false
@ -1321,7 +1323,7 @@ software:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: McAfee
product: Enterprise Security Manager (ESM)
product: McAfee Security for Microsoft SharePoint (MSMS)
cves:
cve-2021-4104:
investigated: false
@ -1329,10 +1331,9 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
investigated: false
affected_versions: []
fixed_versions:
- '11.5.3'
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -1344,8 +1345,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://kc.mcafee.com/agent/index?page=content&id=SB10377
vendor_links: []
notes: ''
references:
- ''
@ -1549,7 +1549,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: MEINBERG
product: LANTIME and microSync
cves:
@ -1607,7 +1607,7 @@ software:
notes: Project is written in Python
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Memurai
product: ''
cves:
@ -1637,8 +1637,8 @@ software:
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: Microsoft
product: Azure Application Gateway
- vendor: Micro Focus
product: Data Protector
cves:
cve-2021-4104:
investigated: false
@ -1646,9 +1646,19 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
fixed_versions:
- '10.20'
- '10.30'
- '10.40'
- '10.50'
- '10.60'
- '10.70'
- '10.80'
- '10.90'
- '10.91'
- '11.00'
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -1661,11 +1671,11 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
- https://portal.microfocus.com/s/article/KM000003052
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)'
last_updated: '2021-12-13T00:00:00'
- vendor: Microsoft
product: Azure API Gateway
cves:
@ -1694,9 +1704,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Microsoft
product: Azure Data lake store java
product: Azure Application Gateway
cves:
cve-2021-4104:
investigated: false
@ -1704,9 +1714,8 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- '< 2.3.10'
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -1720,11 +1729,11 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310
- https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Microsoft
product: Azure Data lake store java
cves:
@ -1736,7 +1745,7 @@ software:
cve-2021-44228:
investigated: true
affected_versions:
- '< 2.3.10'
- < 2.3.10
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -1754,9 +1763,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Microsoft
product: Azure DevOps Server
product: Azure Data lake store java
cves:
cve-2021-4104:
investigated: false
@ -1766,7 +1775,7 @@ software:
cve-2021-44228:
investigated: true
affected_versions:
- '2019.0 - 2020.1'
- < 2.3.10
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -1780,11 +1789,11 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511
- https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Microsoft
product: Azure DevOps
cves:
@ -1813,9 +1822,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Microsoft
product: Azure Traffic Manager
product: Azure DevOps Server
cves:
cve-2021-4104:
investigated: false
@ -1823,8 +1832,9 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
investigated: true
affected_versions:
- 2019.0 - 2020.1
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -1838,13 +1848,13 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
- https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Microsoft
product: Team Foundation Server
product: Azure Traffic Manager
cves:
cve-2021-4104:
investigated: false
@ -1852,9 +1862,8 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- '2018.2+'
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -1868,13 +1877,13 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511
- https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: Microstrategy
product: ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Microsoft
product: Team Foundation Server
cves:
cve-2021-4104:
investigated: false
@ -1882,8 +1891,9 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
investigated: true
affected_versions:
- 2018.2+
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -1897,13 +1907,13 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-CVE-2021-44228-The-Log4j-0-Day-Vulnerability?language=en_US
- https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: Micro Focus
product: Data Protector
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Microstrategy
product: ''
cves:
cve-2021-4104:
investigated: false
@ -1911,19 +1921,9 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
investigated: false
affected_versions: []
fixed_versions:
- '10.20'
- '10.30'
- '10.40'
- '10.50'
- '10.60'
- '10.70'
- '10.80'
- '10.90'
- '10.91'
- '11.00'
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -1936,11 +1936,11 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://portal.microfocus.com/s/article/KM000003052
- https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-CVE-2021-44228-The-Log4j-0-Day-Vulnerability?language=en_US
notes: ''
references:
- '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)'
last_updated: '2021-12-13T00:00:00'
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: Midori Global
product: ''
cves:
@ -1998,7 +1998,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Milestone sys
product: ''
cves:
@ -2027,7 +2027,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Mimecast
product: ''
cves:
@ -2056,7 +2056,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Minecraft
product: ''
cves:
@ -2085,7 +2085,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Mirantis
product: ''
cves:
@ -2114,7 +2114,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Miro
product: ''
cves:
@ -2143,7 +2143,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Mitel
product: ''
cves:
@ -2172,7 +2172,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: MMM Group
product: Control software of all MMM series
cves:
@ -2260,7 +2260,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: MongoDB
product: MongoDB Atlas Search
cves:
@ -2289,7 +2289,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: MongoDB
product: MongoDB Community Edition (including Community Server, Cloud Manager,
Community Kubernetes Operators)
@ -2319,7 +2319,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: MongoDB
product: MongoDB Drivers
cves:
@ -2348,7 +2348,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: MongoDB
product: MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager,
Enterprise Kubernetes Operators)
@ -2378,7 +2378,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: MongoDB
product: MongoDB Realm (including Realm Database, Sync, Functions, APIs)
cves:
@ -2407,7 +2407,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: MongoDB
product: MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas
CLI, Database Connectors)
@ -2437,7 +2437,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Moodle
product: ''
cves:
@ -2466,7 +2466,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: MoogSoft
product: ''
cves:
@ -2495,7 +2495,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Motorola Avigilon
product: ''
cves:
@ -2538,7 +2538,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- 'All'
- All
cve-2021-45046:
investigated: ''
affected_versions: []
@ -2551,7 +2551,9 @@ software:
unaffected_versions: []
vendor_links:
- https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability
notes: Moxa is investigating to determine if any of our products are affected by this vulnerability. At the time of publication, none of Moxa's products are affected.
notes: Moxa is investigating to determine if any of our products are affected
by this vulnerability. At the time of publication, none of Moxa's products are
affected.
references:
- ''
last_updated: '2022-01-19T00:00:00'
@ -2584,9 +2586,9 @@ software:
by CISA
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Mulesoft
product: Mule Runtime
product: Anypoint Studio
cves:
cve-2021-4104:
investigated: false
@ -2596,8 +2598,7 @@ software:
cve-2021-44228:
investigated: true
affected_versions:
- '3.x'
- '4.x'
- 7.x
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -2618,7 +2619,7 @@ software:
- ''
last_updated: '2021-12-15T00:00:00'
- vendor: Mulesoft
product: Mule Agent
product: Cloudhub
cves:
cve-2021-4104:
investigated: false
@ -2626,9 +2627,8 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- '6.x'
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -2649,7 +2649,7 @@ software:
- ''
last_updated: '2021-12-15T00:00:00'
- vendor: Mulesoft
product: Cloudhub
product: Mule Agent
cves:
cve-2021-4104:
investigated: false
@ -2657,8 +2657,9 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
investigated: true
affected_versions:
- 6.x
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -2679,7 +2680,7 @@ software:
- ''
last_updated: '2021-12-15T00:00:00'
- vendor: Mulesoft
product: Anypoint Studio
product: Mule Runtime
cves:
cve-2021-4104:
investigated: false
@ -2689,7 +2690,8 @@ software:
cve-2021-44228:
investigated: true
affected_versions:
- '7.x'
- 3.x
- 4.x
fixed_versions: []
unaffected_versions: []
cve-2021-45046:

70
data/cisagov_N.yml
Unescape View File

@ -32,7 +32,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Nagios
product: ''
cves:
@ -61,7 +61,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: NAKIVO
product: ''
cves:
@ -90,7 +90,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: National Instruments
product: OptimalPlus
cves:
@ -102,9 +102,9 @@ software:
cve-2021-44228:
investigated: true
affected_versions:
- 'Vertica'
- 'Cloudera'
- 'Logstash'
- Vertica
- Cloudera
- Logstash
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -136,7 +136,7 @@ software:
investigated: true
affected_versions:
- '>4.2'
- '<4..2.12'
- <4..2.12
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -182,7 +182,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Netcup
product: ''
cves:
@ -211,7 +211,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: NetGate PFSense
product: ''
cves:
@ -240,7 +240,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Netwrix
product: ''
cves:
@ -269,7 +269,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: New Relic
product: Containerized Private Minion (CPM)
cves:
@ -282,7 +282,7 @@ software:
investigated: true
affected_versions: []
fixed_versions:
- '3.0.57'
- 3.0.57
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -312,7 +312,7 @@ software:
cve-2021-44228:
investigated: true
affected_versions:
- '<7.4.3'
- <7.4.3
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -360,7 +360,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Nextflow
product: Nextflow
cves:
@ -374,7 +374,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- '21.04.0.5552'
- 21.04.0.5552
cve-2021-45046:
investigated: false
affected_versions: []
@ -448,7 +448,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: NinjaRMM
product: ''
cves:
@ -478,7 +478,7 @@ software:
by CISA
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Nomachine
product: ''
cves:
@ -507,7 +507,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: NoviFlow
product: ''
cves:
@ -536,7 +536,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Nulab
product: Backlog
cves:
@ -566,7 +566,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Nulab
product: Backlog Enterprise (On-premises)
cves:
@ -596,7 +596,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Nulab
product: Cacoo
cves:
@ -626,7 +626,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Nulab
product: Cacoo Enterprise (On-premises)
cves:
@ -656,7 +656,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Nulab
product: Typetalk
cves:
@ -686,7 +686,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Nutanix
product: AHV
cves:
@ -1343,7 +1343,7 @@ software:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Nutanix
product: Leap
product: LCM
cves:
cve-2021-4104:
investigated: false
@ -1351,10 +1351,11 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: false
affected_versions: []
@ -1367,12 +1368,12 @@ software:
unaffected_versions: []
vendor_links:
- https://download.nutanix.com/alerts/Security_Advisory_0023.pdf
notes: Saas-Based Procuct. See Advisory.
notes: ''
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Nutanix
product: LCM
product: Leap
cves:
cve-2021-4104:
investigated: false
@ -1380,11 +1381,10 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
@ -1397,7 +1397,7 @@ software:
unaffected_versions: []
vendor_links:
- https://download.nutanix.com/alerts/Security_Advisory_0023.pdf
notes: ''
notes: Saas-Based Procuct. See Advisory.
references:
- ''
last_updated: '2021-12-20T00:00:00'
@ -1758,7 +1758,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: NXLog
product: ''
cves:
@ -1787,5 +1787,5 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
...

82
data/cisagov_O.yml
Unescape View File

@ -32,7 +32,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: OCLC
product: ''
cves:
@ -61,7 +61,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Octopus
product: ''
cves:
@ -90,7 +90,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Okta
product: Advanced Server Access
cves:
@ -295,7 +295,7 @@ software:
- ''
last_updated: '2021-12-12T00:00:00'
- vendor: Okta
product: Okta RADIUS Server Agent
product: Okta On-Prem MFA Agent
cves:
cve-2021-4104:
investigated: false
@ -305,7 +305,7 @@ software:
cve-2021-44228:
investigated: true
affected_versions:
- < 2.17.0
- < 1.4.6
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -319,13 +319,13 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228
- https://trust.okta.com/security-advisories/okta-on-prem-mfa-agent-cve-2021-44228
notes: ''
references:
- ''
last_updated: '2021-12-12T00:00:00'
- vendor: Okta
product: Okta Verify
product: Okta RADIUS Server Agent
cves:
cve-2021-4104:
investigated: false
@ -333,8 +333,9 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
investigated: true
affected_versions:
- < 2.17.0
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -348,13 +349,13 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://sec.okta.com/articles/2021/12/log4shell
- https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228
notes: ''
references:
- ''
last_updated: '2021-12-12T00:00:00'
- vendor: Okta
product: Okta Workflows
product: Okta Verify
cves:
cve-2021-4104:
investigated: false
@ -383,7 +384,7 @@ software:
- ''
last_updated: '2021-12-12T00:00:00'
- vendor: Okta
product: Okta On-Prem MFA Agent
product: Okta Workflows
cves:
cve-2021-4104:
investigated: false
@ -391,9 +392,8 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- < 1.4.6
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -407,7 +407,7 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://trust.okta.com/security-advisories/okta-on-prem-mfa-agent-cve-2021-44228
- https://sec.okta.com/articles/2021/12/log4shell
notes: ''
references:
- ''
@ -440,7 +440,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Opengear
product: ''
cves:
@ -469,7 +469,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: OpenMRS TALK
product: ''
cves:
@ -498,7 +498,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: OpenNMS
product: ''
cves:
@ -527,7 +527,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: OpenSearch
product: ''
cves:
@ -556,7 +556,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: OpenText
product: ''
cves:
@ -587,7 +587,7 @@ software:
- ''
last_updated: '2021-12-23T00:00:00'
- vendor: Opto 22
product: GRV-EPIC-PR1, GRV-EPIC-PR2
product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP
cves:
cve-2021-4104:
investigated: false
@ -597,9 +597,9 @@ software:
cve-2021-44228:
investigated: true
affected_versions:
- < 3.3.2
- < 4.3g
fixed_versions:
- 3.3.2
- 4.3g
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -618,7 +618,7 @@ software:
- ''
last_updated: '2022-01-13T00:00:00'
- vendor: Opto 22
product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP
product: GROOV-AT1, GROOV-AT1-SNAP
cves:
cve-2021-4104:
investigated: false
@ -649,7 +649,7 @@ software:
- ''
last_updated: '2022-01-13T00:00:00'
- vendor: Opto 22
product: GROOV-AT1, GROOV-AT1-SNAP
product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP
cves:
cve-2021-4104:
investigated: false
@ -680,7 +680,7 @@ software:
- ''
last_updated: '2022-01-13T00:00:00'
- vendor: Opto 22
product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP
product: GRV-EPIC-PR1, GRV-EPIC-PR2
cves:
cve-2021-4104:
investigated: false
@ -690,9 +690,9 @@ software:
cve-2021-44228:
investigated: true
affected_versions:
- < 4.3g
- < 3.3.2
fixed_versions:
- 4.3g
- 3.3.2
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -741,7 +741,7 @@ software:
- ''
last_updated: '2021-12-17T00:00:00'
- vendor: Oracle
product: Exadata
product: Enterprise Manager
cves:
cve-2021-4104:
investigated: false
@ -751,7 +751,8 @@ software:
cve-2021-44228:
investigated: true
affected_versions:
- <21.3.4
- '13.5'
- 13.4 & 13.3.2
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -773,7 +774,7 @@ software:
- ''
last_updated: '2021-12-17T00:00:00'
- vendor: Oracle
product: Enterprise Manager
product: Exadata
cves:
cve-2021-4104:
investigated: false
@ -783,8 +784,7 @@ software:
cve-2021-44228:
investigated: true
affected_versions:
- '13.5'
- 13.4 & 13.3.2
- <21.3.4
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -833,7 +833,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Osirium
product: PAM
cves:
@ -862,7 +862,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Osirium
product: PEM
cves:
@ -891,7 +891,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Osirium
product: PPA
cves:
@ -920,7 +920,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: OTRS
product: ''
cves:
@ -949,7 +949,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: OVHCloud
product: ''
cves:
@ -978,7 +978,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: OwnCloud
product: ''
cves:
@ -1007,7 +1007,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: OxygenXML
product: Author
cves:

2748
data/cisagov_P.yml
View File

File diff suppressed because it is too large Load Diff

38
data/cisagov_Q.yml
Unescape View File

@ -32,7 +32,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:55+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Qlik
product: ''
cves:
@ -61,9 +61,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:55+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: QMATIC
product: Orchestra Central
product: Appointment Booking
cves:
cve-2021-4104:
investigated: false
@ -72,10 +72,10 @@ software:
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
affected_versions:
- 2.4+
fixed_versions: []
unaffected_versions:
- 6.0+
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
@ -88,7 +88,7 @@ software:
unaffected_versions: []
vendor_links:
- https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability
notes: ''
notes: Update to v. 2.8.2 which contains log4j 2.16
references:
- ''
last_updated: '2021-12-21T00:00:00'
@ -103,7 +103,7 @@ software:
cve-2021-44228:
investigated: true
affected_versions:
- 2.4+
- Cloud/Managed Service
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -118,7 +118,7 @@ software:
unaffected_versions: []
vendor_links:
- https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability
notes: Update to v. 2.8.2 which contains log4j 2.16
notes: log4j 2.16 applied 2021-12-15
references:
- ''
last_updated: '2021-12-21T00:00:00'
@ -153,7 +153,7 @@ software:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: QMATIC
product: Appointment Booking
product: Orchestra Central
cves:
cve-2021-4104:
investigated: false
@ -162,10 +162,10 @@ software:
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- Cloud/Managed Service
affected_versions: []
fixed_versions: []
unaffected_versions: []
unaffected_versions:
- 6.0+
cve-2021-45046:
investigated: false
affected_versions: []
@ -178,7 +178,7 @@ software:
unaffected_versions: []
vendor_links:
- https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability
notes: log4j 2.16 applied 2021-12-15
notes: ''
references:
- ''
last_updated: '2021-12-21T00:00:00'
@ -210,7 +210,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:55+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: QOPPA
product: ''
cves:
@ -239,7 +239,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:55+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: QSC Q-SYS
product: ''
cves:
@ -268,7 +268,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:55+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: QT
product: ''
cves:
@ -297,7 +297,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:55+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Quest Global
product: ''
cves:
@ -326,5 +326,5 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:55+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
...

2857
data/cisagov_R.yml
View File

File diff suppressed because it is too large Load Diff

764
data/cisagov_S.yml
View File

File diff suppressed because it is too large Load Diff

339
data/cisagov_T.yml
View File

File diff suppressed because it is too large Load Diff

50
data/cisagov_U.yml
Unescape View File

@ -33,7 +33,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Ubiquiti
product: UniFi Network Controller
cves:
@ -93,9 +93,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Umbraco
product: ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: UiPath
product: InSights
cves:
cve-2021-4104:
investigated: false
@ -103,8 +103,9 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
investigated: true
affected_versions:
- '20.10'
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -118,12 +119,12 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://umbraco.com/blog/security-advisory-december-15-2021-umbraco-cms-and-cloud-not-affected-by-cve-2021-44228-log4j-rce-0-day-mitigation/
- https://www.uipath.com/legal/trust-and-security/cve-2021-44228
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: UniFlow
last_updated: '2021-12-15T00:00:00'
- vendor: Umbraco
product: ''
cves:
cve-2021-4104:
@ -147,12 +148,12 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.uniflow.global/en/security/security-and-maintenance/
- https://umbraco.com/blog/security-advisory-december-15-2021-umbraco-cms-and-cloud-not-affected-by-cve-2021-44228-log4j-rce-0-day-mitigation/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Unify ATOS
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: UniFlow
product: ''
cves:
cve-2021-4104:
@ -176,12 +177,12 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://networks.unify.com/security/advisories/OBSO-2112-01.pdf
- https://www.uniflow.global/en/security/security-and-maintenance/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Unimus
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Unify ATOS
product: ''
cves:
cve-2021-4104:
@ -205,13 +206,13 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.unimus.net/viewtopic.php?f=7&t=1390#top
- https://networks.unify.com/security/advisories/OBSO-2112-01.pdf
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: UiPath
product: InSights
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Unimus
product: ''
cves:
cve-2021-4104:
investigated: false
@ -219,9 +220,8 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- '20.10'
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -235,11 +235,11 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.uipath.com/legal/trust-and-security/cve-2021-44228
- https://forum.unimus.net/viewtopic.php?f=7&t=1390#top
notes: ''
references:
- ''
last_updated: '2021-12-15T00:00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: USSIGNAL MSP
product: ''
cves:
@ -268,5 +268,5 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
...

396
data/cisagov_V.yml
Unescape View File

@ -4,35 +4,6 @@ owners:
- name: cisagov
url: https://github.com/cisagov/log4j-affected-db
software:
- vendor: VArmour
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Varian
product: Acuity
cves:
@ -64,7 +35,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: DITC
product: ARIA Connect (Cloverleaf)
cves:
cve-2021-4104:
investigated: false
@ -72,11 +43,11 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions:
- All
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: false
affected_versions: []
@ -94,7 +65,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: ARIA Connect (Cloverleaf)
product: ARIA eDOC
cves:
cve-2021-4104:
investigated: false
@ -154,7 +125,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: XMediusFax for ARIA oncology information system for Medical Oncology
product: ARIA oncology information system for Radiation Oncology
cves:
cve-2021-4104:
investigated: false
@ -162,11 +133,11 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions:
- All
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: false
affected_versions: []
@ -184,7 +155,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: ARIA oncology information system for Radiation Oncology
product: ARIA Radiation Therapy Management System (RTM)
cves:
cve-2021-4104:
investigated: false
@ -214,7 +185,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: ARIA eDOC
product: Bravos Console
cves:
cve-2021-4104:
investigated: false
@ -244,7 +215,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: XMediusFax for ARIA oncology information system for Radiation Oncology
product: Clinac
cves:
cve-2021-4104:
investigated: false
@ -274,37 +245,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: ARIA Radiation Therapy Management System (RTM)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities
notes: ''
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: Bravos Console
product: Cloud Planner
cves:
cve-2021-4104:
investigated: false
@ -334,7 +275,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: Clinac
product: DITC
cves:
cve-2021-4104:
investigated: false
@ -364,7 +305,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: Cloud Planner
product: DoseLab
cves:
cve-2021-4104:
investigated: false
@ -394,7 +335,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: DoseLab
product: Eclipse treatment planning software
cves:
cve-2021-4104:
investigated: false
@ -424,7 +365,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: Eclipse treatment planning software
product: ePeerReview
cves:
cve-2021-4104:
investigated: false
@ -432,11 +373,11 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
investigated: false
affected_versions:
- All
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
@ -454,7 +395,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: ePeerReview
product: Ethos
cves:
cve-2021-4104:
investigated: false
@ -462,11 +403,11 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions:
- All
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: false
affected_versions: []
@ -484,7 +425,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: Ethos
product: FullScale oncology IT solutions
cves:
cve-2021-4104:
investigated: false
@ -492,11 +433,11 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
investigated: false
affected_versions:
- All
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
@ -514,7 +455,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: FullScale oncology IT solutions
product: Halcyon system
cves:
cve-2021-4104:
investigated: false
@ -544,7 +485,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: Halcyon system
product: ICAP
cves:
cve-2021-4104:
investigated: false
@ -552,11 +493,11 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions:
- All
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: false
affected_versions: []
@ -694,7 +635,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: ICAP
product: Mobius3D platform
cves:
cve-2021-4104:
investigated: false
@ -724,7 +665,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: Mobius3D platform
product: PaaS
cves:
cve-2021-4104:
investigated: false
@ -934,7 +875,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: PaaS
product: TrueBeam radiotherapy system
cves:
cve-2021-4104:
investigated: false
@ -964,7 +905,37 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: TrueBeam radiotherapy system
product: UNIQUE system
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions:
- All
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities
notes: ''
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: Varian Authentication and Identity Server (VAIS)
cves:
cve-2021-4104:
investigated: false
@ -994,7 +965,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: UNIQUE system
product: Varian Managed Services Cloud
cves:
cve-2021-4104:
investigated: false
@ -1024,7 +995,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: Varian Authentication and Identity Server (VAIS)
product: Varian Mobile App
cves:
cve-2021-4104:
investigated: false
@ -1036,7 +1007,8 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
- '2.0'
- '2.5'
cve-2021-45046:
investigated: false
affected_versions: []
@ -1054,7 +1026,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: Varian Managed Services Cloud
product: VariSeed
cves:
cve-2021-4104:
investigated: false
@ -1062,11 +1034,11 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions:
- All
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: false
affected_versions: []
@ -1084,7 +1056,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: Varian Mobile App
product: Velocity
cves:
cve-2021-4104:
investigated: false
@ -1096,8 +1068,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- '2.0'
- '2.5'
- All
cve-2021-45046:
investigated: false
affected_versions: []
@ -1115,7 +1086,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: VariSeed
product: VitalBeam radiotherapy system
cves:
cve-2021-4104:
investigated: false
@ -1145,7 +1116,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: Velocity
product: Vitesse
cves:
cve-2021-4104:
investigated: false
@ -1175,7 +1146,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: VitalBeam radiotherapy system
product: XMediusFax for ARIA oncology information system for Medical Oncology
cves:
cve-2021-4104:
investigated: false
@ -1183,11 +1154,11 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
investigated: false
affected_versions:
- All
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
@ -1205,7 +1176,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Varian
product: Vitesse
product: XMediusFax for ARIA oncology information system for Radiation Oncology
cves:
cve-2021-4104:
investigated: false
@ -1213,11 +1184,11 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
investigated: false
affected_versions:
- All
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
@ -1234,6 +1205,35 @@ software:
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: VArmour
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Varnish Software
product: ''
cves:
@ -1262,7 +1262,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Varonis
product: ''
cves:
@ -1291,7 +1291,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Veeam
product: ''
cves:
@ -1320,7 +1320,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Venafi
product: ''
cves:
@ -1349,7 +1349,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Veritas NetBackup
product: ''
cves:
@ -1378,7 +1378,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Vertica
product: ''
cves:
@ -1421,7 +1421,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- 'All'
- All
cve-2021-45046:
investigated: ''
affected_versions: []
@ -1466,7 +1466,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: VMware
product: API Portal for VMware Tanzu
cves:
@ -1678,6 +1678,71 @@ software:
references:
- ''
last_updated: '2021-12-12T00:00:00'
- vendor: VMware
product: vCenter Server - OVA
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- 7.x
- 6.7.x
- 6.5.x
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.vmware.com/security/advisories/VMSA-2021-0028.html
notes: '[Workaround @ KB87081 (vmware.com)](https://kb.vmware.com/s/article/87081
)'
references:
- ''
last_updated: '2021-12-17T00:00:00'
- vendor: VMware
product: vCenter Server - Windows
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- 6.7.x
- 6.5.x
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.vmware.com/security/advisories/VMSA-2021-0028.html
notes: '[Workaround @ KB87096 (vmware.com)](https://kb.vmware.com/s/article/87096
)'
references:
- ''
last_updated: '2021-12-17T00:00:00'
- vendor: VMware
product: VMware Carbon Black Cloud Workload Appliance
cves:
@ -2291,71 +2356,6 @@ software:
references:
- ''
last_updated: '2021-12-12T00:00:00'
- vendor: VMware
product: vCenter Server - OVA
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- 7.x
- 6.7.x
- 6.5.x
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.vmware.com/security/advisories/VMSA-2021-0028.html
notes: '[Workaround @ KB87081 (vmware.com)](https://kb.vmware.com/s/article/87081
)'
references:
- ''
last_updated: '2021-12-17T00:00:00'
- vendor: VMware
product: vCenter Server - Windows
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- 6.7.x
- 6.5.x
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.vmware.com/security/advisories/VMSA-2021-0028.html
notes: '[Workaround @ KB87096 (vmware.com)](https://kb.vmware.com/s/article/87096
)'
references:
- ''
last_updated: '2021-12-17T00:00:00'
- vendor: VMware
product: VMware vRealize Automation
cves:
@ -2614,7 +2614,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- 'All'
- All
cve-2021-45046:
investigated: ''
affected_versions: []

300
data/cisagov_W.yml
Unescape View File

@ -62,7 +62,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Wasp Barcode technologies
product: ''
cves:
@ -91,7 +91,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: WatchGuard
product: Secplicity
cves:
@ -120,7 +120,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Western Digital
product: ''
cves:
@ -149,9 +149,9 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: WIBU Systems
product: CodeMeter Keyring for TIA Portal
product: CodeMeter Cloud Lite
cves:
cve-2021-4104:
investigated: false
@ -161,7 +161,7 @@ software:
cve-2021-44228:
investigated: true
affected_versions:
- 1.30 and prior
- 2.2 and prior
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -176,12 +176,12 @@ software:
unaffected_versions: []
vendor_links:
- https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf
notes: Only the Password Manager is affected
notes: ''
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: WIBU Systems
product: CodeMeter Cloud Lite
product: CodeMeter Keyring for TIA Portal
cves:
cve-2021-4104:
investigated: false
@ -191,7 +191,7 @@ software:
cve-2021-44228:
investigated: true
affected_versions:
- 2.2 and prior
- 1.30 and prior
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -206,39 +206,283 @@ software:
unaffected_versions: []
vendor_links:
- https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf
notes: ''
notes: Only the Password Manager is affected
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: WindRiver
product: ''
- vendor: Wind River
product: LTS17
cves:
cve-2021-4104:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
unaffected_versions:
- All
cve-2021-44228:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
unaffected_versions:
- All
vendor_links:
- https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191
notes: ''
references:
- ''
last_updated: '2022-01-21T00:00:00'
- vendor: Wind River
product: LTS18
cves:
cve-2021-4104:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
vendor_links:
- https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191
notes: ''
references:
- ''
last_updated: '2022-01-21T00:00:00'
- vendor: Wind River
product: LTS19
cves:
cve-2021-4104:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
vendor_links:
- https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191
notes: ''
references:
- ''
last_updated: '2022-01-21T00:00:00'
- vendor: Wind River
product: LTS21
cves:
cve-2021-4104:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
vendor_links:
- https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Wind River
product: WRL-6
cves:
cve-2021-4104:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
vendor_links:
- https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191
notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2
and JMSAppender components, however, JMSAppender is deactivated in the release
package and not affected by CVE-2021-4104 customers are advised to NOT manually
activate the JMSAppender component.
references:
- ''
last_updated: '2022-01-21T00:00:00'
- vendor: Wind River
product: WRL-7
cves:
cve-2021-4104:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
vendor_links:
- https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191
notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2
and JMSAppender components, however, JMSAppender is deactivated in the release
package and not affected by CVE-2021-4104 customers are advised to NOT manually
activate the JMSAppender component.
references:
- ''
last_updated: '2022-01-21T00:00:00'
- vendor: Wind River
product: WRL-8
cves:
cve-2021-4104:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
vendor_links:
- https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191
notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2
and JMSAppender components, however, JMSAppender is deactivated in the release
package and not affected by CVE-2021-4104 customers are advised to NOT manually
activate the JMSAppender component.
references:
- ''
last_updated: '2022-01-21T00:00:00'
- vendor: Wind River
product: WRL-9
cves:
cve-2021-4104:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
vendor_links:
- https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-21T00:00:00'
- vendor: WireShark
product: ''
cves:
@ -267,7 +511,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Wistia
product: ''
cves:
@ -296,7 +540,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: WitFoo
product: ''
cves:
@ -325,7 +569,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: WordPress
product: ''
cves:
@ -354,7 +598,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Worksphere
product: ''
cves:
@ -383,7 +627,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Wowza
product: ''
cves:
@ -412,7 +656,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: WSO2
product: WSO2 Enterprise Integrator
cves:
@ -442,5 +686,5 @@ software:
notes: A temporary mitigation is available while vendor works on update
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
...

48
data/cisagov_X.yml
Unescape View File

@ -32,7 +32,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: XenForo
product: ''
cves:
@ -61,7 +61,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Xerox
product: ''
cves:
@ -90,7 +90,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: XPertDoc
product: ''
cves:
@ -119,7 +119,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: XPLG
product: ''
cves:
@ -148,7 +148,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: XWIKI
product: ''
cves:
@ -177,7 +177,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Xylem
product: Aquatalk
cves:
@ -237,7 +237,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Sensus Analytics
product: Configuration change complete
cves:
cve-2021-4104:
investigated: false
@ -266,7 +266,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Sensus Automation Control Configuration change complete
product: Sensus Analytics
cves:
cve-2021-4104:
investigated: false
@ -295,7 +295,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Sensus Cathodic Protection Mitigation in process Mitigation in process
product: Sensus Automation Control Configuration change complete
cves:
cve-2021-4104:
investigated: false
@ -324,7 +324,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Sensus FieldLogic LogServer
product: Sensus Cathodic Protection Mitigation in process Mitigation in process
cves:
cve-2021-4104:
investigated: false
@ -353,7 +353,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Sensus Lighting Control
product: Sensus FieldLogic LogServer
cves:
cve-2021-4104:
investigated: false
@ -382,7 +382,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Sensus NetMetrics Configuration change complete
product: Sensus Lighting Control
cves:
cve-2021-4104:
investigated: false
@ -411,7 +411,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Sensus RNI Saas
product: Sensus NetMetrics Configuration change complete
cves:
cve-2021-4104:
investigated: false
@ -419,11 +419,8 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- 4.7 through 4.10
- 4.4 through 4.6
- '4.2'
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -475,7 +472,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Sensus SCS
product: Sensus RNI Saas
cves:
cve-2021-4104:
investigated: false
@ -483,8 +480,11 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
investigated: true
affected_versions:
- 4.7 through 4.10
- 4.4 through 4.6
- '4.2'
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -504,7 +504,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Smart Irrigation
product: Sensus SCS
cves:
cve-2021-4104:
investigated: false
@ -533,7 +533,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Water Loss Management (Visenti)
product: Smart Irrigation
cves:
cve-2021-4104:
investigated: false
@ -562,7 +562,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Configuration change complete
product: Water Loss Management (Visenti)
cves:
cve-2021-4104:
investigated: false

6
data/cisagov_Y.yml
Unescape View File

@ -32,7 +32,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: YellowFin
product: ''
cves:
@ -61,7 +61,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: YOKOGAWA
product: ''
cves:
@ -119,5 +119,5 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
...

22
data/cisagov_Z.yml
Unescape View File

@ -32,7 +32,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: ZAMMAD
product: ''
cves:
@ -61,7 +61,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Zaproxy
product: ''
cves:
@ -90,7 +90,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Zebra
product: ''
cves:
@ -119,7 +119,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Zendesk
product: All Products
cves:
@ -180,7 +180,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Zentera Systems, Inc.
product: CoIP Access Platform
cves:
@ -239,7 +239,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Zesty
product: ''
cves:
@ -268,7 +268,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Zimbra
product: ''
cves:
@ -297,7 +297,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Zix
product: ''
cves:
@ -355,7 +355,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: ZPE systems Inc
product: ''
cves:
@ -384,7 +384,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Zscaler
product: See Link (Multiple Products)
cves:
@ -442,7 +442,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Zyxel
product: Security Firewall/Gateways
cves:

Write Preview
Loading…
Cancel
Save