diff --git a/.github/workflows/update_software_list.yml b/.github/workflows/update_software_list.yml index 6350ccc..77b125e 100644 --- a/.github/workflows/update_software_list.yml +++ b/.github/workflows/update_software_list.yml @@ -68,6 +68,12 @@ jobs: run: pip install --upgrade --requirement config/requirements.txt - name: Create the branch for test validation run: git switch --create ${{ needs.setup.outputs.testing_branch }} + - name: Normalize individual cisagov_*.yml files + run: | + for file in data/cisagov_*yml; do \ + normalize-yml --cisagov-format "$file" > "$file".tmp; \ + mv --force "$file".tmp "$file"; \ + done - name: Update the comprehensive cisagov YAML file run: normalize-yml --cisagov-format data/cisagov_*.yml > data/cisagov.yml - name: Generate a normalized YAML file from all source YAML files @@ -84,7 +90,7 @@ jobs: commit_user_name: ${{ needs.setup.outputs.git_user }} commit_user_email: ${{ needs.setup.outputs.git_email }} commit_author: ${{ needs.setup.outputs.git_author }} - file_pattern: SOFTWARE-LIST.md data/cisagov.yml + file_pattern: SOFTWARE-LIST.md data/cisagov*.yml merge_list_update: runs-on: ubuntu-latest needs: diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 0c198bc..231f55a 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -231,10 +231,10 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Beijer Electronics | WARP Engineering Studio | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Bender | | | | Unknown | [link](https://www.bender.de/en/cert) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Best Practical Request Tracker (RT) and Request Tracker for Incident Response (RTIR) | | | | Unknown | [link](https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BeyondTrust Bomgar | | | | Unknown | [link](https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | BeyondTrust | Privilege Management Cloud | | Unknown | Fixed | [link](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | BeyondTrust | Privilege Management Reporting in BeyondInsight | | 21.2 | Fixed | [link](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | BeyondTrust | Secure Remote Access appliances | | | Not Affected | [link](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| BeyondTrust Bomgar | | | | Unknown | [link](https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | BioMerieux | | | | Unknown | [link](https://www.biomerieux.com/en/cybersecurity-data-privacy) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | BisectHosting | | | | Unknown | [link](https://www.bisecthosting.com/clients/index.php?rp=/knowledgebase/205/Java-Log4j-Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | BitDefender | | | | Unknown | [link](https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -949,8 +949,8 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Elastic | Kibana | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Elastic | Logstash | <6.8.21, <7.16.1 | | Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Elastic | Machine Learning | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| ElasticSearch | all products | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Elastic | Swiftype | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| ElasticSearch | all products | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Ellucian | Admin | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Ellucian | Banner Analytics | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Ellucian | Banner Document Management (includes Banner Document Retention) | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | @@ -1180,6 +1180,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | GoAnywhere | MFT | < 6.8.6 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | | GoAnywhere | MFT Agents | < 1.6.5 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | | GoCD | | | | Unknown | [link](https://www.gocd.org/2021/12/14/log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Google | Chrome | | | Not Affected | [link](https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html) | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-14 | | Google Cloud | Access Transparency | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Google Cloud | Actifio | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) for the full statement and to obtain the hotfix (available to Actifio customers only). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Google Cloud | AI Platform Data Labeling | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | @@ -1309,14 +1310,12 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Google Cloud | Virtual Private Cloud | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Google Cloud | Web Security Scanner | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Google Cloud | Workflows | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google | Chrome | | | Not Affected | [link](https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html) | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-14 | | Gradle | Gradle | | | Unknown | [link](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gradle | Gradle Enterprise | < 2021.3.6 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gradle | Gradle Enterprise Build Cache Node | < 10.1 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gradle | Gradle Enterprise Test Distribution Agent | < 1.6.2 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Grafana | | | | Unknown | [link](https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Grandstream | | | | Unknown | [link](https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gravitee.io | | | | Unknown | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Alert Engine | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1324,6 +1323,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Gravitee | API Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | API Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Cockpit | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gravitee.io | | | | Unknown | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravwell | | | | Unknown | [link](https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Graylog | Graylog Server | All versions >= 1.2.0 and <= 4.2.2 | | Affected | [link](https://www.graylog.org/post/graylog-update-for-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | GreenShot | | | | Unknown | [link](https://greenshot.atlassian.net/browse/BUG-2871) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1396,7 +1396,11 @@ NOTE: This file is automatically generated. To submit updates, please refer to | HOLOGIC | Unifi Workspace | | | Unknown | [link](https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity) | While the Hologic software itself does not utilize Java/Log4J, the installed APC PowerChute UPS with Business Edition v9.5 software installed may. APC is still assessing its PowerChute software to determine if it is vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | HOLOGIC | Windows Selenia Mammography System | | | Unknown | [link](https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Honeywell | | | | Unknown | [link](https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| HPE/Micro Focus | Data Protector | | 9.09 | Fixed | [link](https://portal.microfocus.com/s/article/KM000003243) | | [https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| HP | Teradici Cloud Access Controller | | < v113 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| HP | Teradici EMSDK | | < 1.0.6 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| HP | Teradici Management Console | | < 21.10.3 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| HP | Teradici PCoIP Connection Manager | | < 21.03.6, < 20.07.4 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| HP | Teradici PCoIP License Server | | | Unknown | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | HPE | 3PAR StoreServ Arrays | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | AirWave Management Platform | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | Alletra 6000 | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | @@ -1508,7 +1512,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | HPE | OfficeConnect | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | Primera Storage | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | RepoServer part of OPA (on Premises aggregator) | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | -| HPE | Resource Aggregator for Open Distributed Infrastructure Management | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | +| HPE | Resource Aggregator for Open Distributed Infrastructure Management | | | Not Affected | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | RESTful Interface Tool (iLOREST) | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | SAT (System Admin Toolkit) | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | Scripting Tools for Windows PowerShell (HPEiLOCmdlets) | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | @@ -1526,11 +1530,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | HPE | Superdome Flex 280 | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | Superdome Flex Server | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | UAN (User Access Node) | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | -| HP | Teradici Cloud Access Controller | | < v113 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| HP | Teradici EMSDK | | < 1.0.6 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| HP | Teradici Management Console | | < 21.10.3 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| HP | Teradici PCoIP Connection Manager | | < 21.03.6, < 20.07.4 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| HP | Teradici PCoIP License Server | | | Unknown | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| HPE/Micro Focus | Data Protector | | 9.09 | Fixed | [link](https://portal.microfocus.com/s/article/KM000003243) | | [https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Huawei | | | | Unknown | [link](https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Hubspot | | | | Unknown | [link](https://community.hubspot.com/t5/APIs-Integrations/Log4J-day-zero-exploit-CVE-2021-44228/td-p/541949) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | I-Net software | | | | Unknown | [link](https://faq.inetsoftware.de/t/statement-about-cve-2021-44228-log4j-vulnerability-concerning-i-net-software-products/269/3) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -2019,6 +2019,8 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Lyrasis | Fedora Repository | | | Not Affected | [link](https://groups.google.com/g/fedora-tech/c/dQMQ5jaX8Xo) | Fedora Repository is unaffiliated with Fedora Linux. Uses logback and explicitly excludes log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | MailStore | | | | Unknown | [link](https://www.mailstore.com/en/blog/mailstore-affected-by-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Maltego | | | | Unknown | [link](https://www.maltego.com/blog/our-response-to-log4j-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ManageEngine | AD SelfService Plus | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-27 | +| ManageEngine | Servicedesk Plus | 11305 and below | | Affected | [link](https://www.manageengine.com/products/service-desk/security-response-plan.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | ManageEngine Zoho | | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ManageEngine Zoho | ADAudit Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | ManageEngine Zoho | ADManager Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | @@ -2032,8 +2034,6 @@ NOTE: This file is automatically generated. To submit updates, please refer to | ManageEngine Zoho | M365 Manager Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | ManageEngine Zoho | M365 Security Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | ManageEngine Zoho | RecoveryManager Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine | AD SelfService Plus | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-27 | -| ManageEngine | Servicedesk Plus | 11305 and below | | Affected | [link](https://www.manageengine.com/products/service-desk/security-response-plan.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | MariaDB | | | | Unknown | [link](https://mariadb.com/resources/blog/log4shell-and-mariadb-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | MathWorks | All MathWorks general release desktop or server products | | | Not Affected | [link](https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | | MathWorks | MATLAB | | | Not Affected | [link](https://www.mathworks.com/content/dam/mathworks/policies/mathworks-response-to-cve-2021-44228-log4j-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | @@ -2217,6 +2217,99 @@ NOTE: This file is automatically generated. To submit updates, please refer to | OxygenXML | Web Author | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | OxygenXML | WebHelp | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | PagerDuty | PagerDuty SaaS | | | Unknown | [link](https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability) | We currently see no evidence of compromises on our platform. Our teams continue to monitor for new developments and for impacts on sub-processors and dependent systems. PagerDuty SaaS customers do not need to take any additional action for their PagerDuty SaaS environment | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Palantir | Palantir AI Inference Platform (AIP) | | All | Fixed | [link](https://www.palantir.com/security-advisories/log4j-vulnerability/) | Fully remediated as of 1.97.0. Disconnected customer instances may require manual updates. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Palantir | Palantir Apollo | | | Not Affected | [link](https://www.palantir.com/security-advisories/log4j-vulnerability/) | No impact, and updates have been deployed for full remediation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Palantir | Palantir Foundry | | All | Fixed | [link](https://www.palantir.com/security-advisories/log4j-vulnerability/) | No impact to Palantir-hosted or Apollo-connected instances, and updates have been deployed for full remediation. Disconnected customer instances may require manual updates. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Palantir | Palantir Gotham | | All | Fixed | [link](https://www.palantir.com/security-advisories/log4j-vulnerability/) | No impact to Palantir-hosted or Apollo-connected instances, and updates have been deployed for full remediation. Disconnected customer instances may require manual updates. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Palo-Alto Networks | Bridgecrew | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | CloudGenix | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Cortex Data Lake | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Cortex XDR Agent | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Cortex Xpanse | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Cortex XSOAR | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Expedition | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | GlobalProtect App | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | IoT Security | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Okyo Grade | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Palo-Alto Networks-OS for Firewall and Wildfire | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Palo-Alto Networks-OS for Panorama | 9.0, 9.1, 10.0 | | Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will be updated when hot fixes for the affected Panorama versions are available. PAN-OS for Panorama versions 8.1, 10.1 are not affected. | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Palo-Alto Networks | Prisma Access | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Prisma Cloud | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Prisma Cloud Compute | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | SaaS Security | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | User-ID Agent | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | WildFire Appliance | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | WildFire Cloud | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Panopto | | | | Unknown | [link](https://support.panopto.com/s/article/Panopto-Statement-on-the-Log4j2-Zero-Day-Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PaperCut | PaperCut MF | 21.0 and later | | Affected | [link](https://www.papercut.com/support/known-issues/?id=PO-684#ng) | Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted by this. Workaround manual steps available in reference. Upgrade to PaperCut NG/MF version 21.2.3 Now Available to resolve. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| PaperCut | PaperCut NG | 21.0 and later | | Affected | [link](https://www.papercut.com/support/known-issues/?id=PO-684#ng) | Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted by this. Workaround manual steps available in reference. Upgrade to PaperCut NG/MF version 21.2.3 Now Available to resolve. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Parallels | | | | Unknown | [link](https://kb.parallels.com/en/128696) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Parse.ly | | | | Unknown | [link](https://blog.parse.ly/parse-ly-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PBXMonitor | RMM for 3CX PBX | | | Unknown | [link](https://www.pbxmonitor.net/changelog.php) | Mirror Servers were also checked to ensure Log4J was not installed or being used by any of our systems. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Pega | | | | Unknown | [link](https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pentaho | | | | Unknown | [link](https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pepperl+Fuchs | | | | Unknown | [link](https://www.pepperl-fuchs.com/global/en/29079.htm) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Percona | | | | Unknown | [link](https://www.percona.com/blog/log4jshell-vulnerability-update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pexip | | | | Unknown | [link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Phenix Id | | | | Unknown | [link](https://support.phenixid.se/uncategorized/log4j-fix/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Philips | Multiple products | | | Unknown | [link](https://www.philips.com/a-w/security/security-advisories.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PHOENIX CONTACT | Cloud Services | | | Unknown | [link](https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf) | Partly affected. Remediations are being implemented. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| PHOENIX CONTACT | Physical products containing firmware | | | Unknown | [link](https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| PHOENIX CONTACT | Software Products | | | Unknown | [link](https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Ping Identity | PingAccess | 4.0 <= version <= 6.3.2 | | Affected | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Ping Identity | PingCentral | | | Unknown | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Ping Identity | PingFederate | 8.0 <= version <= 10.3.4 | | Affected | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Ping Identity | PingFederate Java Integration Kit | < 2.7.2 | | Affected | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Ping Identity | PingFederate OAuth Playground | < 4.3.1 | | Affected | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Ping Identity | PingIntelligence | | | Unknown | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pitney Bowes | | | | Unknown | [link](https://www.pitneybowes.com/us/support/apache-log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Planmeca | | | | Unknown | [link](https://www.planmeca.com/apache-log4j-vulnerability-in-planmeca-products/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Planon Software | | | | Unknown | [link](https://my.planonsoftware.com/uk/news/log4j-impact-on-planon/) | This advisory is available for customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Platform.SH | | | | Unknown | [link](https://platform.sh/blog/2021/platformsh-protects-from-apache-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Plesk | | | | Unknown | [link](https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Plex | Plex Industrial IoT | | | Unknown | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | The product has been updated to Log4j version 2.15. An additional patch is being developed to update to 2.16. No user interaction is required. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Polycom | | | | Unknown | [link](https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Portainer | | | | Unknown | [link](https://www.portainer.io/blog/portainer-statement-re-log4j-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PortSwigger | | | | Unknown | [link](https://forum.portswigger.net/thread/are-burp-collaborator-or-burp-enterprise-vulnerable-to-log4j-dc6524e0) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PostGreSQL | | | | Unknown | [link](https://www.postgresql.org/about/news/postgresql-jdbc-and-the-log4j-cve-2371/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Postman | | | | Unknown | [link](https://support.postman.com/hc/en-us/articles/4415791933335-Is-Postman-impacted-by-the-Log4j-vulnerability-CVE-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Power Admin LLC | PA File Sight | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Power Admin LLC | PA Server Monitor | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Power Admin LLC | PA Storage Monitor | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Pretix | | | | Unknown | [link](https://pretix.eu/about/de/blog/20211213-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PrimeKey | | | | Unknown | [link](https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Progress / IpSwitch | | | | Unknown | [link](https://www.progress.com/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ProofPoint | | | | Unknown | [link](https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2) | This advisory is available for customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ProSeS | | | | Unknown | [link](https://www.proses.de/en/2021/12/16/log4shell-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Prosys | | | | Unknown | [link](https://prosysopc.com/news/important-security-release/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Proxmox | | | | Unknown | [link](https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PRTG Paessler | | | | Unknown | [link](https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTC | Axeda Platform | 6.9.2 | | Affected | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingsWorx Analytics | 8.5, 9.0, 9.1, 9.2, All supported versions | | Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingsWorx Platform | 8.5, 9.0, 9.1, 9.2, All supported versions | | Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTV Group | | | | Unknown | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Ivanti Connect Secure (ICS) | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Ivanti Neurons for secure Access | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Ivanti Neurons for secure Access | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Ivanti Neurons for ZTA | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Ivanti Neurons for ZTA | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Connect Secure | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Desktop Client | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Mobile Client | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse One | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Policy Secure | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Secure Services Director | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Secure Virtual Traffic Manager | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Secure Web Application Firewall | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse ZTA | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Puppet | | | | Unknown | [link](https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pure Storage | | | | Unknown | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22)) | This advisory is available for customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pure Storage | Cloud Blockstore | CBS6.1.x, CBS6.2.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | Patch expected 12/27/2021 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pure Storage | Flash Array | 5.3.x, 6.0.x, 6.1.x, 6.2.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | Patch expected 12/20/2021 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pure Storage | FlashBlade | 3.1.x, 3.2.x, 3.3.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | Patch expected 12/24/2021 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pure Storage | PortWorx | 2.8.0+ | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pure Storage | Pure1 | | N/A | Fixed | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pyramid Analytics | | | | Unknown | [link](https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | QF-Test | | | | Unknown | [link](https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Qlik | | | | Unknown | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | QMATIC | Appointment Booking | 2.4+ | | Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | Update to v. 2.8.2 which contains log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | @@ -2228,6 +2321,102 @@ NOTE: This file is automatically generated. To submit updates, please refer to | QSC Q-SYS | | | | Unknown | [link](https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | QT | | | | Unknown | [link](https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Quest Global | | | | Unknown | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| R | R | | | Not Affected | [link](https://www.r-project.org/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| R2ediviewer | | | | Unknown | [link](https://r2ediviewer.de/DE/reload.html?Change-log_17858584.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Radware | | | | Unknown | [link](https://support.radware.com/app/answers/answer_view/a_id/1029752) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Rapid7 | AlcidekArt, kAdvisor, and kAudit | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | AppSpider Enterprise | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | AppSpider Pro | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | Insight Agent | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightAppSec Scan Engine | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightAppSec Scan Engine | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightCloudSec/DivvyCloud | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightConnect Orchestrator | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightIDR Network Sensor | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightIDR/InsightOps Collector & Event Sources | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightOps DataHub | InsightOps DataHub <= 2.0 | | Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Upgrade [DataHub to version 2.0.1](https://rep.logentries.com/datahub/DataHub_2.0.1.deb) using the [following instructions](https://docs.rapid7.com/insightops/setting-up-datahub/). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightOps non-Java logging libraries | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightOps r7insight_java logging library | <=3.0.8 | | Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Upgrade [r7insight_java](https://github.com/rapid7/r7insight_java) to 3.0.9 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightVM Kubernetes Monitor | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightVM/Nexpose | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightVM/Nexpose Console | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” packaged in them. This is a different library than log4j-core and is not vulnerable to Log4Shell. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightVM/Nexpose Engine | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” packaged in them. This is a different library than log4j-core and is not vulnerable to Log4Shell. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | IntSights virtual appliance | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | Logentries DataHub | Linux version <= 1.2.0.820; Windows version <= 1.2.0.820 | | Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Linux: Install DataHub_1.2.0.822.deb using the following [instructions](https://docs.logentries.com/docs/datahub-linux). Windows: Run version 1.2.0.822 in a Docker container or as a Java command per these [instructions](https://docs.logentries.com/docs/datahub-windows). You can find more details [here](https://docs.logentries.com/docs/datahub-linux). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | Logentries le_java logging library | All versions: this is a deprecated component | | Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Migrate to version 3.0.9 of [r7insight_java](https://github.com/rapid7/r7insight_java) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | Metasploit Framework | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | Metasploit Pro | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Metasploit Pro ships with log4j but has specific configurations applied to it that mitigate Log4Shell. A future update will contain a fully patched version of log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | tCell Java Agent | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | Velociraptor | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Raritan | | | | Unknown | [link](https://www.raritan.com/support) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ravelin | | | | Unknown | [link](https://syslog.ravelin.com/log4shell-cve-2021-44228-4338bb8da67b) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Real-Time Innovations (RTI) | Distributed Logger | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Real-Time Innovations (RTI) | Recording Console | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Real-Time Innovations (RTI) | RTI Administration Console | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Real-Time Innovations (RTI) | RTI Code Generator | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Real-Time Innovations (RTI) | RTI Code Generator Server | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Real-Time Innovations (RTI) | RTI Micro Application Generator (MAG) | as part of RTI Connext Micro 3.0.0, 3.0.1, 3.0.2, 3.0.3 | | Affected | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Real-Time Innovations (RTI) | RTI Micro Application Generator (MAG) | as part of RTI Connext Professional 6.0.0 and 6.0.1 | | Affected | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Real-Time Innovations (RTI) | RTI Monitor | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Red Hat | log4j-core | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat Integration Camel K | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5130](https://access.redhat.com/errata/RHSA-2021:5130) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat build of Quarkus | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Red Hat | Red Hat CodeReady Studio | | 12.21.0 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [CRS 12.21.1 Patch](https://developers.redhat.com/products/codeready-studio/download?source=sso) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat Data Grid | | 8 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5132](http://access.redhat.com/errata/RHSA-2021:5132) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat Decision Manager | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Red Hat | Red Hat Enterprise Linux | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Red Hat | Red Hat Enterprise Linux | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Red Hat | Red Hat Enterprise Linux | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Red Hat | Red Hat Integration Camel Quarkus | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5126](https://access.redhat.com/errata/RHSA-2021:5126) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat JBoss A-MQ Streaming | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5138](https://access.redhat.com/errata/RHSA-2021:5138) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat JBoss Enterprise Application Platform | | 7 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [Maven Patch](https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.4) - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Red Hat | Red Hat JBoss Fuse | | 7 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5134](https://access.redhat.com/errata/RHSA-2021:5134) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat Process Automation | | 7 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [Maven Patch](https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=103671&product=rhpam&version=7.11.1&downloadType=patches) - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat Single Sign-On | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat Vert.X | | 4 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5093](https://access.redhat.com/errata/RHSA-2021:5093) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Satellite 5 | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Spacewalk | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-elasticsearch5 | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5094](http://access.redhat.com/errata/RHSA-2021:5094) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-elasticsearch6 | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | Please refer to Red Hat Customer Portal to find the right errata for your version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-hive | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | Please refer to Red Hat Customer Portal to find the right errata for your version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-presto | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | Please refer to Red Hat Customer Portal to find the right errata for your version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat OpenShift Logging | logging-elasticsearch6-container | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | Please refer to Red Hat Customer Portal to find the right errata for your version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat OpenStack Platform 13 (Queens) | opendaylight | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | End of Life | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat Software Collections | rh-java-common-log4j | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat Software Collections | rh-maven35-log4j12 | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat Software Collections | rh-maven36-log4j12 | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red5Pro | | | | Unknown | [link](https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RedGate | | | | Unknown | [link](https://www.red-gate.com/privacy-and-security/vulnerabilities/2021-12-15-log4j-statement) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Redis | | | | Unknown | [link](https://redis.com/security/notice-apache-log4j2-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Reiner SCT | | | | Unknown | [link](https://forum.reiner-sct.com/index.php?/topic/5973-timecard-und-log4j-schwachstelle/&do=findComment&comment=14933) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ReportURI | | | | Unknown | [link](https://scotthelme.co.uk/responding-to-the-log4j-2-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ResMed | AirView | | | Unknown | [link](https://www.resmed.com/en-us/security/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| ResMed | myAir | | | Unknown | [link](https://www.resmed.com/en-us/security/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Respondus | | | | Unknown | [link](https://support.respondus.com/support/index.php?/News/NewsItem/View/339) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Revenera / Flexera | | | | Unknown | [link](https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ricoh | | | | Unknown | [link](https://www.ricoh.com/info/2021/1215_1/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RingCentral | | | | Unknown | [link](https://www.ringcentral.com/trust-center/security-bulletin.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Riverbed | | | | Unknown | [link](https://supportkb.riverbed.com/support/index?page=content&id=S35645) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Rockwell Automation | FactoryTalk Analytics DataFlowML | 4.00.00 | | Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rockwell Automation | FactoryTalk Analytics DataView | 3.03.00 | | Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rockwell Automation | Industrial Data Center | | Gen 1, Gen 2, Gen 3, Gen 3.5 | Fixed | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rockwell Automation | MES EIG | 3.03.00 | | Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | Customers should upgrade to EIG Hub if possible or work with their local representatives about alternative solutions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rockwell Automation | VersaVirtual | | Series A | Fixed | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rockwell Automation | Warehouse Management | 4.01.00, 4.02.00, 4.02.01, 4.02.02 | | Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rollbar | | | | Unknown | [link](https://rollbar.com/blog/log4j-zero-day-2021-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Rosette.com | | | | Unknown | [link](https://support.rosette.com/hc/en-us/articles/4416216525965-Log4j-Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RSA | SecurID Authentication Manager | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RSA | SecurID Authentication Manager Prime | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RSA | SecurID Authentication Manager WebTier | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RSA | SecurID Governance and Lifecycle | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RSA | SecurID Governance and Lifecycle Cloud | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RSA | SecurID Identity Router | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RSA Netwitness | | | | Unknown | [link](https://community.rsa.com/t5/netwitness-platform-product/netwitness-apache-vulnerability-log4j2-cve-2021-44228-nbsp/ta-p/660540) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Rstudioapi | Rstudioapi | | | Not Affected | [link](https://github.com/rstudio/rstudioapi) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Rubrik | | | | Unknown | [link](https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ruckus | Virtual SmartZone (vSZ) | 5.1 to 6.0 | | Affected | [link](https://support.ruckuswireless.com/security_bulletins/313) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| RunDeck by PagerDuty | | | | Unknown | [link](https://docs.rundeck.com/docs/history/CVEs/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Runecast | Runecast Analyzer | | 6.0.3 | Fixed | [link](https://www.runecast.com/release-notes) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | SAE-IT | | | | Unknown | [link](https://www.sae-it.com/nc/de/news/sicherheitsmeldungen.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | SAFE FME Server | | | | Unknown | [link](https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -2319,6 +2508,8 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Shibboleth | All Products | | | Not Affected | [link](https://shibboleth.net/pipermail/announce/2021-December/000253.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-10 | | Shopify | | | | Unknown | [link](https://community.shopify.com/c/technical-q-a/is-shopify-affected-by-the-log4j-vulnerability/td-p/1417625) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Siebel | | | | Unknown | [link](https://www.siebelhub.com/main/2021/12/log4j-vulnerability-cve-2021-44228-and-siebel-crm.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | | Siemens Energy | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Siemens Energy | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Siemens Energy | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | @@ -2356,8 +2547,6 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Siemens Healthineers | syngo.via WebViewer VA13B / VA20A / VA20B | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: remove the vulnerable class from the .jar file | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Siemens Healthineers | X.Ceed Somaris 10 VA40* | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Siemens Healthineers | X.Cite Somaris 10 VA30*/VA40* | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | | Sierra Wireless | | | | Unknown | [link](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Sierra Wireless | AirVantage and Octave cloud platforms | | | Unknown | [link](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs) | These systems do not operate with the specific non-standard configuration required for CVE-2021-25046 and hence were not vulnerable to it. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | | Sierra Wireless | AM/AMM servers | | | Unknown | [link](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | @@ -2458,8 +2647,8 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Splunk | Splunk UBA OVA Software | 5.0.3a, 5.0.0 | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-30 | | Splunk | Splunk VMWare OVA for ITSI [App ID 4760](https://splunkbase.splunk.com/app/4760/) | 1.1.1 and older | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-30 | | Sprecher Automation | | | | Unknown | [link](https://www.sprecher-automation.com/en/it-security/security-alerts) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Spring Boot | | | | Unknown | [link](https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Spring | Spring Boot | | | Unknown | [link](https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot) | Spring Boot users are only affected by this vulnerability if they have switched the default logging system to Log4J2 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Spring Boot | | | | Unknown | [link](https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | StarDog | | | | Unknown | [link](https://community.stardog.com/t/stardog-7-8-1-available/3411) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | STERIS | Advantage | | | Unknown | [link](https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | STERIS | Advantage Plus | | | Unknown | [link](https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | @@ -2750,7 +2939,14 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Western Digital | | | | Unknown | [link](https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | WIBU Systems | CodeMeter Cloud Lite | 2.2 and prior | | Affected | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | WIBU Systems | CodeMeter Keyring for TIA Portal | 1.30 and prior | | Affected | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | Only the Password Manager is affected | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| WindRiver | | | | Unknown | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Wind River | LTS17 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | +| Wind River | LTS18 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | +| Wind River | LTS19 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | +| Wind River | LTS21 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Wind River | WRL-6 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | +| Wind River | WRL-7 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | +| Wind River | WRL-8 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | +| Wind River | WRL-9 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | | WireShark | | | | Unknown | [link](https://gitlab.com/wireshark/wireshark/-/issues/17783) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Wistia | | | | Unknown | [link](https://status.wistia.com/incidents/jtg0dfl5l224) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | WitFoo | | | | Unknown | [link](https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/config/requirements.txt b/config/requirements.txt index e5b41a2..76c9f9b 100644 --- a/config/requirements.txt +++ b/config/requirements.txt @@ -1 +1 @@ -https://github.com/cisagov/log4j-md-yml/archive/v1.1.0.tar.gz +https://github.com/cisagov/log4j-md-yml/archive/v1.1.1.tar.gz diff --git a/data/cisagov.yml b/data/cisagov.yml index 7633387..371fd39 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -6307,8 +6307,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BeyondTrust Bomgar - product: '' + - vendor: BeyondTrust + product: Privilege Management Cloud cves: cve-2021-4104: investigated: false @@ -6316,9 +6316,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Unknown unaffected_versions: [] cve-2021-45046: investigated: false @@ -6331,13 +6332,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-17T00:00:00' - vendor: BeyondTrust - product: Privilege Management Cloud + product: Privilege Management Reporting in BeyondInsight cves: cve-2021-4104: investigated: false @@ -6348,7 +6349,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '21.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -6367,7 +6368,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: BeyondTrust - product: Privilege Management Reporting in BeyondInsight + product: Secure Remote Access appliances cves: cve-2021-4104: investigated: false @@ -6377,9 +6378,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '21.2' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -6396,8 +6397,8 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust - product: Secure Remote Access appliances + - vendor: BeyondTrust Bomgar + product: '' cves: cve-2021-4104: investigated: false @@ -6405,11 +6406,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -6421,11 +6421,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: BioMerieux product: '' cves: @@ -9266,7 +9266,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: Symantec Protection Engine (SPE) cves: @@ -9295,7 +9295,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: Symantec Protection for SharePoint Servers (SPSS) cves: @@ -9324,7 +9324,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: VIP cves: @@ -9353,7 +9353,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: VIP Authentication Hub cves: @@ -9382,7 +9382,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: Web Isolation (WI) cves: @@ -9411,7 +9411,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: Web Security Service (WSS) cves: @@ -9440,7 +9440,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: WebPulse cves: @@ -9469,7 +9469,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: C4b XPHONE product: '' cves: @@ -9498,7 +9498,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Campbell Scientific product: All cves: @@ -9556,7 +9556,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Canary Labs product: All cves: @@ -9874,7 +9874,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Carestream product: '' cves: @@ -9932,7 +9932,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CAS genesisWorld product: '' cves: @@ -9961,7 +9961,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cato Networks product: '' cves: @@ -9990,7 +9990,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cepheid product: C360 cves: @@ -10077,7 +10077,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Chaser Systems product: discrimiNAT Firewall cves: @@ -10107,7 +10107,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: CloudGuard cves: @@ -10137,7 +10137,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: Harmony Endpoint & Harmony Mobile cves: @@ -10167,7 +10167,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: Infinity Portal cves: @@ -10196,7 +10196,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: Quantum Security Gateway cves: @@ -10226,7 +10226,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: Quantum Security Management cves: @@ -10257,7 +10257,7 @@ software: this attack by default. references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: SMB cves: @@ -10287,7 +10287,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: ThreatCloud cves: @@ -10316,7 +10316,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CheckMK product: '' cves: @@ -10345,7 +10345,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ciphermail product: '' cves: @@ -10374,7 +10374,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CircleCI product: CircleCI cves: @@ -10432,7 +10432,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: AppDynamics cves: @@ -10461,7 +10461,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco ACI Multi-Site Orchestrator cves: @@ -10490,7 +10490,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco ACI Virtual Edge cves: @@ -10519,7 +10519,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Adaptive Security Appliance (ASA) Software cves: @@ -10548,7 +10548,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Advanced Web Security Reporting Application cves: @@ -10577,7 +10577,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco AMP Virtual Private Cloud Appliance cves: @@ -10606,7 +10606,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco AnyConnect Secure Mobility Client cves: @@ -10635,7 +10635,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Application Policy Infrastructure Controller (APIC) cves: @@ -10664,7 +10664,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco ASR 5000 Series Routers cves: @@ -10693,7 +10693,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Broadcloud Calling cves: @@ -10722,7 +10722,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco BroadWorks cves: @@ -10751,7 +10751,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Catalyst 9800 Series Wireless Controllers cves: @@ -10780,7 +10780,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco CloudCenter Suite Admin cves: @@ -10809,7 +10809,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco CloudCenter Workload Manager cves: @@ -10838,7 +10838,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Cognitive Intelligence cves: @@ -10867,7 +10867,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Common Services Platform Collector cves: @@ -10896,7 +10896,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Computer Telephony Integration Object Server (CTIOS) cves: @@ -10925,7 +10925,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Connected Grid Device Manager cves: @@ -10954,7 +10954,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Connected Mobile Experiences cves: @@ -10983,7 +10983,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Connectivity cves: @@ -11012,7 +11012,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Contact Center Domain Manager (CCDM) cves: @@ -11041,7 +11041,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Contact Center Management Portal (CCMP) cves: @@ -11070,7 +11070,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Crosswork Change Automation cves: @@ -11099,7 +11099,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco CX Cloud Agent Software cves: @@ -11128,7 +11128,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Data Center Network Manager (DCNM) cves: @@ -11157,7 +11157,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Defense Orchestrator cves: @@ -11186,7 +11186,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco DNA Assurance cves: @@ -11215,7 +11215,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco DNA Center cves: @@ -11244,7 +11244,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco DNA Spaces cves: @@ -11273,7 +11273,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Elastic Services Controller (ESC) cves: @@ -11302,7 +11302,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Emergency Responder cves: @@ -11331,7 +11331,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Enterprise Chat and Email cves: @@ -11360,7 +11360,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Enterprise NFV Infrastructure Software (NFVIS) cves: @@ -11389,7 +11389,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Evolved Programmable Network Manager cves: @@ -11418,7 +11418,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Extensible Network Controller (XNC) cves: @@ -11447,7 +11447,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Finesse cves: @@ -11476,7 +11476,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Firepower Management Center cves: @@ -11505,7 +11505,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Firepower Threat Defense (FTD) cves: @@ -11534,7 +11534,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco GGSN Gateway GPRS Support Node cves: @@ -11563,7 +11563,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco HyperFlex System cves: @@ -11592,7 +11592,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Identity Services Engine (ISE) cves: @@ -11621,7 +11621,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Integrated Management Controller (IMC) Supervisor cves: @@ -11650,7 +11650,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Intersight cves: @@ -11679,7 +11679,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Intersight Virtual Appliance cves: @@ -11708,7 +11708,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IOS and IOS XE Software cves: @@ -11737,7 +11737,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IoT Field Network Director (formerly Cisco Connected Grid Network Management System) @@ -11767,7 +11767,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IoT Operations Dashboard cves: @@ -11796,7 +11796,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IOx Fog Director cves: @@ -11825,7 +11825,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IP Services Gateway (IPSG) cves: @@ -11854,7 +11854,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Kinetic for Cities cves: @@ -11883,7 +11883,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco MDS 9000 Series Multilayer Switches cves: @@ -11912,7 +11912,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Meeting Server cves: @@ -11941,7 +11941,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco MME Mobility Management Entity cves: @@ -11970,7 +11970,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Modeling Labs cves: @@ -11999,7 +11999,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Network Assessment (CNA) Tool cves: @@ -12028,7 +12028,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Network Assurance Engine cves: @@ -12057,7 +12057,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Network Convergence System 2000 Series cves: @@ -12086,7 +12086,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Network Planner cves: @@ -12115,7 +12115,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Network Services Orchestrator (NSO) cves: @@ -12144,7 +12144,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 5500 Platform Switches cves: @@ -12173,7 +12173,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 5600 Platform Switches cves: @@ -12202,7 +12202,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 6000 Series Switches cves: @@ -12231,7 +12231,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 7000 Series Switches cves: @@ -12260,7 +12260,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode @@ -12290,7 +12290,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus Dashboard (formerly Cisco Application Services Engine) cves: @@ -12319,7 +12319,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus Data Broker cves: @@ -12348,7 +12348,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus Insights cves: @@ -12377,7 +12377,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Optical Network Planner cves: @@ -12406,7 +12406,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Packaged Contact Center Enterprise cves: @@ -12435,7 +12435,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Paging Server cves: @@ -12464,7 +12464,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Paging Server (InformaCast) cves: @@ -12493,7 +12493,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco PDSN/HA Packet Data Serving Node and Home Agent cves: @@ -12522,7 +12522,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco PGW Packet Data Network Gateway cves: @@ -12551,7 +12551,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Policy Suite cves: @@ -12580,7 +12580,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Central for Service Providers cves: @@ -12609,7 +12609,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Collaboration Manager cves: @@ -12638,7 +12638,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Collaboration Provisioning cves: @@ -12667,7 +12667,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Infrastructure cves: @@ -12696,7 +12696,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime License Manager cves: @@ -12725,7 +12725,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Network cves: @@ -12754,7 +12754,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Optical for Service Providers cves: @@ -12783,7 +12783,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Provisioning cves: @@ -12812,7 +12812,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Service Catalog cves: @@ -12841,7 +12841,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Registered Envelope Service cves: @@ -12870,7 +12870,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vEdge 1000 Series Routers cves: @@ -12899,7 +12899,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vEdge 2000 Series Routers cves: @@ -12928,7 +12928,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vEdge 5000 Series Routers cves: @@ -12957,7 +12957,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vEdge Cloud Router Platform cves: @@ -12986,7 +12986,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vManage cves: @@ -13015,7 +13015,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Secure Network Analytics (SNA), formerly Stealthwatch cves: @@ -13044,7 +13044,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SocialMiner cves: @@ -13073,7 +13073,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco System Architecture Evolution Gateway (SAEGW) cves: @@ -13102,7 +13102,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco TelePresence Management Suite cves: @@ -13131,7 +13131,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco UCS Director cves: @@ -13160,7 +13160,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco UCS Performance Manager cves: @@ -13189,7 +13189,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Umbrella cves: @@ -13218,7 +13218,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Advanced cves: @@ -13247,7 +13247,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Business Edition cves: @@ -13276,7 +13276,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Department Edition cves: @@ -13305,7 +13305,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Enterprise Edition cves: @@ -13334,7 +13334,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Premium Edition cves: @@ -13363,7 +13363,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Communications Manager Cloud cves: @@ -13392,7 +13392,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Contact Center Enterprise cves: @@ -13421,7 +13421,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Contact Center Enterprise - Live Data server cves: @@ -13450,7 +13450,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Contact Center Express cves: @@ -13479,7 +13479,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Intelligent Contact Management Enterprise cves: @@ -13508,7 +13508,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified SIP Proxy Software cves: @@ -13537,7 +13537,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Video Surveillance Operations Manager cves: @@ -13566,7 +13566,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Virtual Topology System - Virtual Topology Controller (VTC) VM cves: @@ -13595,7 +13595,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Virtualized Voice Browser cves: @@ -13624,7 +13624,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Vision Dynamic Signage Director cves: @@ -13653,7 +13653,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco WAN Automation Engine (WAE) cves: @@ -13682,7 +13682,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Web Security Appliance (WSA) cves: @@ -13711,7 +13711,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Webex Cloud-Connected UC (CCUC) cves: @@ -13740,7 +13740,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Webex Meetings Server cves: @@ -13769,7 +13769,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Webex Teams cves: @@ -13798,7 +13798,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Wide Area Application Services (WAAS) cves: @@ -13827,7 +13827,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Duo cves: @@ -13856,7 +13856,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: DUO network gateway (on-prem/self-hosted) cves: @@ -13884,7 +13884,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: duo network gateway (on-prem/self-hosted) cves: @@ -13912,7 +13912,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Exony Virtualized Interaction Manager (VIM) cves: @@ -13941,7 +13941,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Managed Services Accelerator (MSX) Network Access Control Service cves: @@ -13970,7 +13970,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Citrix product: Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) cves: @@ -14407,7 +14407,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: AM2CM Tool cves: @@ -14436,7 +14436,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Ambari cves: @@ -14467,7 +14467,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Arcadia Enterprise cves: @@ -14497,7 +14497,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDH, HDP, and HDF cves: @@ -14527,7 +14527,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDP Operational Database (COD) cves: @@ -14556,7 +14556,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDP Private Cloud Base cves: @@ -14586,7 +14586,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDS 3 Powered by Apache Spark cves: @@ -14616,7 +14616,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDS 3.2 for GPUs cves: @@ -14646,7 +14646,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Cybersecurity Platform cves: @@ -14676,7 +14676,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Engineering (CDE) cves: @@ -14705,7 +14705,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Engineering (CDE) cves: @@ -14735,7 +14735,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Flow (CFM) cves: @@ -14764,7 +14764,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Science Workbench (CDSW) cves: @@ -14795,7 +14795,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Visualization (CDV) cves: @@ -14824,7 +14824,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Warehouse (CDW) cves: @@ -14853,7 +14853,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Warehouse (CDW) cves: @@ -14883,7 +14883,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera DataFlow (CDF) cves: @@ -14912,7 +14912,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Edge Management (CEM) cves: @@ -14942,7 +14942,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Enterprise cves: @@ -14972,7 +14972,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Flow Management (CFM) cves: @@ -15002,7 +15002,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Machine Learning (CML) cves: @@ -15031,7 +15031,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Machine Learning (CML) cves: @@ -15061,7 +15061,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication Manager) @@ -15092,7 +15092,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication Manager) @@ -15125,7 +15125,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Manager (Including Backup Disaster Recovery (BDR)) cves: @@ -15154,7 +15154,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Runtime (including Cloudera Data Hub and all Data Hub templates) cves: @@ -15186,7 +15186,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Stream Processing (CSP) cves: @@ -15216,7 +15216,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Streaming Analytics (CSA) cves: @@ -15245,7 +15245,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Streaming Analytics (CSA) cves: @@ -15274,7 +15274,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Data Analytics Studio (DAS) cves: @@ -15303,7 +15303,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Data Catalog cves: @@ -15332,7 +15332,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Data Lifecycle Manager (DLM) cves: @@ -15361,7 +15361,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Data Steward Studio (DSS) cves: @@ -15391,7 +15391,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Hortonworks Data Flow (HDF) cves: @@ -15420,7 +15420,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Hortonworks Data Platform (HDP) cves: @@ -15452,7 +15452,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Hortonworks DataPlane Platform cves: @@ -15481,7 +15481,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Management Console cves: @@ -15511,7 +15511,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Management Console for CDP Public Cloud cves: @@ -15540,7 +15540,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Replication Manager cves: @@ -15569,7 +15569,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: SmartSense cves: @@ -15598,7 +15598,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Workload Manager cves: @@ -15627,7 +15627,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Workload XM cves: @@ -15657,7 +15657,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Workload XM (SaaS) cves: @@ -15686,7 +15686,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CloudFlare product: '' cves: @@ -15715,7 +15715,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudian HyperStore product: '' cves: @@ -15744,7 +15744,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudogu product: Ecosystem cves: @@ -15774,7 +15774,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudogu product: SCM-Manager cves: @@ -15803,7 +15803,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudron product: '' cves: @@ -15832,7 +15832,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Clover product: '' cves: @@ -15861,7 +15861,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Code42 product: Code42 App cves: @@ -15952,7 +15952,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Codesys product: '' cves: @@ -15981,7 +15981,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cohesity product: '' cves: @@ -16010,7 +16010,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CommVault product: '' cves: @@ -16039,7 +16039,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Concourse product: Concourse cves: @@ -16068,7 +16068,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ConcreteCMS.com product: '' cves: @@ -16097,7 +16097,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Confluent product: Confluent Cloud cves: @@ -16426,7 +16426,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ConnectWise product: '' cves: @@ -16455,7 +16455,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ContrastSecurity product: '' cves: @@ -16484,7 +16484,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ControlUp product: '' cves: @@ -16513,7 +16513,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: COPADATA product: All cves: @@ -16571,7 +16571,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CPanel product: '' cves: @@ -16600,7 +16600,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cradlepoint product: '' cves: @@ -16629,7 +16629,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Crestron product: '' cves: @@ -16687,7 +16687,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CryptShare product: '' cves: @@ -16716,7 +16716,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CyberArk product: Privileged Threat Analytics (PTA) cves: @@ -16776,7 +16776,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CyberRes product: '' cves: @@ -16805,7 +16805,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Daktronics product: All Sport Pro cves: @@ -17417,7 +17417,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dassault Systèmes product: '' cves: @@ -17446,7 +17446,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Databricks product: '' cves: @@ -17475,7 +17475,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Datadog product: Datadog Agent cves: @@ -17508,7 +17508,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dataminer product: '' cves: @@ -17537,7 +17537,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Datev product: '' cves: @@ -17566,7 +17566,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Datto product: '' cves: @@ -17595,7 +17595,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: dCache.org product: '' cves: @@ -17624,7 +17624,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Debian product: '' cves: @@ -17653,7 +17653,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Deepinstinct product: '' cves: @@ -17682,7 +17682,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dell product: '"Dell EMC PowerMax VMAX VMAX3 and VMAX AFA"' cves: @@ -25107,7 +25107,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Device42 product: '' cves: @@ -25136,7 +25136,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Devolutions product: All products cves: @@ -25165,7 +25165,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Diebold Nixdorf product: '' cves: @@ -25194,7 +25194,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Digi International product: AnywhereUSB Manager cves: @@ -26354,7 +26354,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Digital AI product: '' cves: @@ -26383,7 +26383,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Digital Alert Systems product: All cves: @@ -26441,7 +26441,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Docker product: '' cves: @@ -26470,7 +26470,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Docusign product: '' cves: @@ -26499,7 +26499,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: DrayTek product: Vigor Routers, Access Points, Switches, VigorACS Central Management Software, MyVigor Platform @@ -26558,7 +26558,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dynatrace product: ActiveGate cves: @@ -26819,7 +26819,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Eaton product: Undisclosed cves: @@ -26851,7 +26851,7 @@ software: wall. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: EclecticIQ product: '' cves: @@ -26880,7 +26880,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Eclipse Foundation product: '' cves: @@ -26909,7 +26909,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Edwards product: '' cves: @@ -26967,7 +26967,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: EGroupware product: '' cves: @@ -26996,7 +26996,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Elastic product: APM Java Agent cves: @@ -27524,8 +27524,8 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: ElasticSearch - product: all products + - vendor: Elastic + product: Swiftype cves: cve-2021-4104: investigated: false @@ -27547,13 +27547,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Elastic - product: Swiftype + last_updated: '2021-12-15T00:00:00' + - vendor: ElasticSearch + product: all products cves: cve-2021-4104: investigated: false @@ -27575,12 +27576,11 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ellucian product: Admin cves: @@ -31036,7 +31036,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ESET product: '' cves: @@ -31065,7 +31065,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ESRI product: ArcGIS Data Store cves: @@ -31280,7 +31280,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Evolveum Midpoint product: '' cves: @@ -31309,7 +31309,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ewon product: '' cves: @@ -31338,7 +31338,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Exabeam product: '' cves: @@ -31368,7 +31368,7 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Exact product: '' cves: @@ -31397,7 +31397,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Exivity product: '' cves: @@ -31426,7 +31426,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ExtraHop product: Reveal(x) cves: @@ -31487,7 +31487,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Extreme Networks product: '' cves: @@ -31516,7 +31516,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Extron product: '' cves: @@ -31545,7 +31545,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F-Secure product: Elements Connector cves: @@ -31574,7 +31574,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F-Secure product: Endpoint Proxy cves: @@ -31604,7 +31604,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F-Secure product: Messaging Security Gateway cves: @@ -31633,7 +31633,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F-Secure product: Policy Manager cves: @@ -31663,7 +31663,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F-Secure product: Policy Manager Proxy cves: @@ -31693,7 +31693,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: BIG-IP (all modules) cves: @@ -31723,7 +31723,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: BIG-IQ Centralized Management cves: @@ -31753,7 +31753,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: F5OS cves: @@ -31783,7 +31783,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX App Protect cves: @@ -31813,7 +31813,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX Controller cves: @@ -31843,7 +31843,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX Ingress Controller cves: @@ -31873,7 +31873,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX Instance Manager cves: @@ -31903,7 +31903,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX Open Source cves: @@ -31933,7 +31933,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX Plus cves: @@ -31963,7 +31963,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX Service Mesh cves: @@ -31993,7 +31993,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX Unit cves: @@ -32023,7 +32023,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: Traffix SDC cves: @@ -32055,7 +32055,7 @@ software: Kibana), Element Management System' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FAST LTA product: '' cves: @@ -32084,7 +32084,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fastly product: '' cves: @@ -32113,7 +32113,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FedEx product: Ship Manager Software cves: @@ -32210,7 +32210,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FileCatalyst product: '' cves: @@ -32239,7 +32239,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FileCloud product: '' cves: @@ -32268,7 +32268,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FileWave product: '' cves: @@ -32297,7 +32297,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FINVI product: '' cves: @@ -32326,7 +32326,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FireDaemon product: '' cves: @@ -32355,7 +32355,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fisher & Paykel Healthcare product: '' cves: @@ -32413,7 +32413,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Flexera product: '' cves: @@ -32442,7 +32442,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: DLP Manager cves: @@ -32471,7 +32471,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: Forcepoint Cloud Security Gateway (CSG) cves: @@ -32500,7 +32500,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: Next Generation Firewall (NGFW) cves: @@ -32529,7 +32529,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service and Sidewinder @@ -32559,7 +32559,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: One Endpoint cves: @@ -32588,7 +32588,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: Security Manager (Web, Email and DLP) cves: @@ -32617,7 +32617,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forescout product: '' cves: @@ -32646,7 +32646,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ForgeRock product: Autonomous Identity cves: @@ -32675,7 +32675,7 @@ software: notes: all other ForgeRock products Not vulnerable references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiAIOps cves: @@ -32704,7 +32704,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiAnalyzer cves: @@ -32733,7 +32733,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiAnalyzer Cloud cves: @@ -32762,7 +32762,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiAP cves: @@ -32791,7 +32791,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiAuthenticator cves: @@ -32820,7 +32820,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiCASB cves: @@ -32849,7 +32849,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiConvertor cves: @@ -32878,7 +32878,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiDeceptor cves: @@ -32907,7 +32907,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiEDR Agent cves: @@ -32936,7 +32936,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiEDR Cloud cves: @@ -32965,7 +32965,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiGate Cloud cves: @@ -32994,7 +32994,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiGSLB Cloud cves: @@ -33023,7 +33023,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiMail cves: @@ -33052,7 +33052,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiManager cves: @@ -33081,7 +33081,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiManager Cloud cves: @@ -33110,7 +33110,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiNAC cves: @@ -33139,7 +33139,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiNAC cves: @@ -33168,7 +33168,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiOS (includes FortiGate & FortiWiFi) cves: @@ -33197,7 +33197,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiPhish Cloud cves: @@ -33226,7 +33226,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiPolicy cves: @@ -33255,7 +33255,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiPortal cves: @@ -33284,7 +33284,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiRecorder cves: @@ -33313,7 +33313,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiSIEM cves: @@ -33342,7 +33342,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiSOAR cves: @@ -33371,7 +33371,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiSwicth Cloud in FortiLANCloud cves: @@ -33400,7 +33400,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiSwitch & FortiSwitchManager cves: @@ -33429,7 +33429,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiToken Cloud cves: @@ -33458,7 +33458,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiVoice cves: @@ -33487,7 +33487,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiWeb Cloud cves: @@ -33516,7 +33516,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: ShieldX cves: @@ -33545,7 +33545,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FTAPI product: '' cves: @@ -33574,7 +33574,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fujitsu product: '' cves: @@ -33603,7 +33603,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FusionAuth product: FusionAuth cves: @@ -33633,7 +33633,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GE Digital product: '' cves: @@ -33900,7 +33900,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Genesys product: '' cves: @@ -33929,7 +33929,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GeoServer product: '' cves: @@ -33958,7 +33958,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gerrit code review product: '' cves: @@ -33987,7 +33987,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GFI product: '' cves: @@ -34016,7 +34016,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ghidra product: '' cves: @@ -34045,7 +34045,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gigamon product: Fabric Manager cves: @@ -34135,7 +34135,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Globus product: '' cves: @@ -34164,7 +34164,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GoAnywhere product: Gateway cves: @@ -34284,6 +34284,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:52+00:00' + - vendor: Google + product: Chrome + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html + notes: Chrome Browser releases, infrastructure and admin console are not using + versions of Log4j affected by the vulnerability. + references: + - '' + last_updated: '2022-01-14' - vendor: Google Cloud product: Access Transparency cves: @@ -38229,36 +38259,6 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google - product: Chrome - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html - notes: Chrome Browser releases, infrastructure and admin console are not using - versions of Log4j affected by the vulnerability. - references: - - '' - last_updated: '2022-01-14' - vendor: Gradle product: Gradle cves: @@ -38287,7 +38287,7 @@ software: notes: Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gradle product: Gradle Enterprise cves: @@ -38317,7 +38317,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gradle product: Gradle Enterprise Build Cache Node cves: @@ -38347,7 +38347,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gradle product: Gradle Enterprise Test Distribution Agent cves: @@ -38377,7 +38377,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grafana product: '' cves: @@ -38406,7 +38406,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grandstream product: '' cves: @@ -38435,9 +38435,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Gravitee.io - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: Access Management cves: cve-2021-4104: investigated: false @@ -38445,10 +38445,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -38464,7 +38465,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee product: Access Management cves: @@ -38478,7 +38479,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -38494,9 +38495,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee - product: Access Management + product: Alert Engine cves: cve-2021-4104: investigated: false @@ -38508,7 +38509,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - 1.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -38524,7 +38525,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee product: Alert Engine cves: @@ -38538,7 +38539,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.5.x + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -38554,9 +38555,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee - product: Alert Engine + product: API Management cves: cve-2021-4104: investigated: false @@ -38568,7 +38569,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.4.x + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -38584,7 +38585,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee product: API Management cves: @@ -38598,7 +38599,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -38614,9 +38615,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee - product: API Management + product: Cockpit cves: cve-2021-4104: investigated: false @@ -38628,7 +38629,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -38644,9 +38645,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Gravitee - product: Cockpit + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee.io + product: '' cves: cve-2021-4104: investigated: false @@ -38654,11 +38655,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 1.4.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -38674,7 +38674,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravwell product: '' cves: @@ -38703,7 +38703,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Graylog product: Graylog Server cves: @@ -38733,7 +38733,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GreenShot product: '' cves: @@ -38762,7 +38762,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GSA product: Cloud.gov cves: @@ -38820,7 +38820,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HAProxy product: '' cves: @@ -38849,7 +38849,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HarmanPro AMX product: '' cves: @@ -38878,7 +38878,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Boundary cves: @@ -38907,7 +38907,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Consul cves: @@ -38936,7 +38936,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Consul Enterprise cves: @@ -38965,7 +38965,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Nomad cves: @@ -38994,7 +38994,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Nomad Enterprise cves: @@ -39023,7 +39023,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Packer cves: @@ -39052,7 +39052,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Terraform cves: @@ -39081,7 +39081,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Terraform Enterprise cves: @@ -39110,7 +39110,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Vagrant cves: @@ -39139,7 +39139,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Vault cves: @@ -39168,7 +39168,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Vault Enterprise cves: @@ -39197,7 +39197,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Waypoint cves: @@ -39226,7 +39226,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HCL Software product: BigFix Compliance cves: @@ -39465,7 +39465,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HENIX product: Squash TM cves: @@ -39526,7 +39526,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Hikvision product: '' cves: @@ -39555,7 +39555,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Hitachi Energy product: 3rd party - Elastic Search, Kibana cves: @@ -39742,7 +39742,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Hitachi Energy product: FOXMAN-UN cves: @@ -40149,7 +40149,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HMS Industrial Networks AB product: Cosy, Flexy and Ewon CD cves: @@ -40823,9 +40823,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HPE/Micro Focus - product: Data Protector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HP + product: Teradici Cloud Access Controller cves: cve-2021-4104: investigated: false @@ -40836,7 +40836,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '9.09' + - < v113 unaffected_versions: [] cve-2021-45046: investigated: false @@ -40849,13 +40849,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.microfocus.com/s/article/KM000003243 + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 notes: '' references: - - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + - '' last_updated: '2021-12-17T00:00:00' - - vendor: HPE - product: 3PAR StoreServ Arrays + - vendor: HP + product: Teradici EMSDK cves: cve-2021-4104: investigated: false @@ -40863,9 +40863,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 1.0.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -40878,13 +40879,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: AirWave Management Platform + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici Management Console cves: cve-2021-4104: investigated: false @@ -40892,10 +40893,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 21.10.3 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici PCoIP Connection Manager + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 21.03.6 + - < 20.07.4 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40907,13 +40940,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Alletra 6000 + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici PCoIP License Server cves: cve-2021-4104: investigated: false @@ -40936,13 +40969,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-17T00:00:00' - vendor: HPE - product: Alletra 9k + product: 3PAR StoreServ Arrays cves: cve-2021-4104: investigated: false @@ -40971,7 +41004,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba Central + product: AirWave Management Platform cves: cve-2021-4104: investigated: false @@ -41000,7 +41033,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba ClearPass Policy Manager + product: Alletra 6000 cves: cve-2021-4104: investigated: false @@ -41029,7 +41062,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba ClearPass Policy Manager + product: Alletra 9k cves: cve-2021-4104: investigated: false @@ -41058,7 +41091,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba Instant (IAP) + product: Aruba Central cves: cve-2021-4104: investigated: false @@ -41087,7 +41120,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba Location Services + product: Aruba ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -41116,7 +41149,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba NetEdit + product: Aruba ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -41145,7 +41178,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba PVOS Switches + product: Aruba Instant (IAP) cves: cve-2021-4104: investigated: false @@ -41174,7 +41207,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba SDN VAN Controller + product: Aruba Location Services cves: cve-2021-4104: investigated: false @@ -41203,7 +41236,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba User Experience Insight (UXI) + product: Aruba NetEdit cves: cve-2021-4104: investigated: false @@ -41232,7 +41265,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba VIA Client + product: Aruba PVOS Switches cves: cve-2021-4104: investigated: false @@ -41261,7 +41294,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: ArubaOS SD-WAN Controllers and Gateways + product: Aruba SDN VAN Controller cves: cve-2021-4104: investigated: false @@ -41290,7 +41323,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: ArubaOS Wi-Fi Controllers and Gateways + product: Aruba User Experience Insight (UXI) cves: cve-2021-4104: investigated: false @@ -41319,7 +41352,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: ArubaOS-CX switches + product: Aruba VIA Client cves: cve-2021-4104: investigated: false @@ -41348,7 +41381,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: ArubaOS-S switches + product: ArubaOS SD-WAN Controllers and Gateways cves: cve-2021-4104: investigated: false @@ -41377,7 +41410,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: BladeSystem Onboard Administrator + product: ArubaOS Wi-Fi Controllers and Gateways cves: cve-2021-4104: investigated: false @@ -41406,7 +41439,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy + product: ArubaOS-CX switches cves: cve-2021-4104: investigated: false @@ -41435,7 +41468,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Brocade 16Gb SAN Switch for HPE BladeSystem c-Class + product: ArubaOS-S switches cves: cve-2021-4104: investigated: false @@ -41464,7 +41497,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy + product: BladeSystem Onboard Administrator cves: cve-2021-4104: investigated: false @@ -41493,7 +41526,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Brocade Network Advisor + product: Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy cves: cve-2021-4104: investigated: false @@ -41522,7 +41555,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: CloudAuth + product: Brocade 16Gb SAN Switch for HPE BladeSystem c-Class cves: cve-2021-4104: investigated: false @@ -41551,7 +41584,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: CloudPhysics + product: Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy cves: cve-2021-4104: investigated: false @@ -41580,7 +41613,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Compute Cloud Console + product: Brocade Network Advisor cves: cve-2021-4104: investigated: false @@ -41609,7 +41642,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Compute operations manager- FW UPDATE SERVICE + product: CloudAuth cves: cve-2021-4104: investigated: false @@ -41638,7 +41671,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: COS (Cray Operating System) + product: CloudPhysics cves: cve-2021-4104: investigated: false @@ -41667,7 +41700,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Cray Systems Management (CSM) + product: Compute Cloud Console cves: cve-2021-4104: investigated: false @@ -41696,7 +41729,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Custom SPP Portal [Link](https://spp.hpe.com/custom) + product: Compute operations manager- FW UPDATE SERVICE cves: cve-2021-4104: investigated: false @@ -41725,7 +41758,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Data Services Cloud Console + product: COS (Cray Operating System) cves: cve-2021-4104: investigated: false @@ -41754,7 +41787,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Harmony Data Platform + product: Cray Systems Management (CSM) cves: cve-2021-4104: investigated: false @@ -41783,7 +41816,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HOP public services (grafana, vault, rancher, Jenkins) + product: Custom SPP Portal [Link](https://spp.hpe.com/custom) cves: cve-2021-4104: investigated: false @@ -41812,7 +41845,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN2600B SAN Extension Switch + product: Data Services Cloud Console cves: cve-2021-4104: investigated: false @@ -41841,7 +41874,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN4000B SAN Extension Switch + product: Harmony Data Platform cves: cve-2021-4104: investigated: false @@ -41870,7 +41903,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6000B Fibre Channel Switch + product: HOP public services (grafana, vault, rancher, Jenkins) cves: cve-2021-4104: investigated: false @@ -41899,7 +41932,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6500B Fibre Channel Switch + product: HPE B-series SN2600B SAN Extension Switch cves: cve-2021-4104: investigated: false @@ -41928,7 +41961,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6600B Fibre Channel Switch + product: HPE B-series SN4000B SAN Extension Switch cves: cve-2021-4104: investigated: false @@ -41957,7 +41990,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6650B Fibre Channel Switch + product: HPE B-series SN6000B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -41986,7 +42019,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6700B Fibre Channel Switch + product: HPE B-series SN6500B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -42015,7 +42048,94 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Customer Experience Assurance (CEA) + product: HPE B-series SN6600B Fibre Channel Switch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE B-series SN6650B Fibre Channel Switch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE B-series SN6700B Fibre Channel Switch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Customer Experience Assurance (CEA) cves: cve-2021-4104: investigated: false @@ -44084,7 +44204,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -44597,8 +44717,8 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' - - vendor: HP - product: Teradici Cloud Access Controller + - vendor: HPE/Micro Focus + product: Data Protector cves: cve-2021-4104: investigated: false @@ -44609,7 +44729,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - < v113 + - '9.09' unaffected_versions: [] cve-2021-45046: investigated: false @@ -44622,13 +44742,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://portal.microfocus.com/s/article/KM000003243 notes: '' references: - - '' + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici EMSDK + - vendor: Huawei + product: '' cves: cve-2021-4104: investigated: false @@ -44636,10 +44756,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - < 1.0.6 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -44652,13 +44771,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici Management Console + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Hubspot + product: '' cves: cve-2021-4104: investigated: false @@ -44666,10 +44785,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - < 21.10.3 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -44682,13 +44800,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://community.hubspot.com/t5/APIs-Integrations/Log4J-day-zero-exploit-CVE-2021-44228/td-p/541949 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici PCoIP Connection Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: I-Net software + product: '' cves: cve-2021-4104: investigated: false @@ -44696,11 +44814,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - < 21.03.6 - - < 20.07.4 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -44713,13 +44829,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://faq.inetsoftware.de/t/statement-about-cve-2021-44228-log4j-vulnerability-concerning-i-net-software-products/269/3 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici PCoIP License Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: I2P + product: '' cves: cve-2021-4104: investigated: false @@ -44742,12 +44858,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://geti2p.net/en/blog/post/2021/12/11/i2p-unaffected-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Huawei + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IBA-AG product: '' cves: cve-2021-4104: @@ -44771,12 +44887,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en + - https://www.iba-ag.com/en/security notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Hubspot + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ibexa product: '' cves: cve-2021-4104: @@ -44800,13 +44916,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.hubspot.com/t5/APIs-Integrations/Log4J-day-zero-exploit-CVE-2021-44228/td-p/541949 + - https://developers.ibexa.co/security-advisories/cve-2021-44228-log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: I-Net software - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IBM + product: Analytics Engine cves: cve-2021-4104: investigated: false @@ -44829,13 +44945,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://faq.inetsoftware.de/t/statement-about-cve-2021-44228-log4j-vulnerability-concerning-i-net-software-products/269/3 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: I2P - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: App Configuration cves: cve-2021-4104: investigated: false @@ -44858,13 +44974,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://geti2p.net/en/blog/post/2021/12/11/i2p-unaffected-cve-2021-44228 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: IBA-AG - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: App Connect cves: cve-2021-4104: investigated: false @@ -44887,13 +45003,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.iba-ag.com/en/security + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Ibexa - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: App ID cves: cve-2021-4104: investigated: false @@ -44916,13 +45032,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://developers.ibexa.co/security-advisories/cve-2021-44228-log4j-vulnerability + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Analytics Engine + product: Application Gateway cves: cve-2021-4104: investigated: false @@ -44951,7 +45067,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: App Configuration + product: Aspera cves: cve-2021-4104: investigated: false @@ -44980,7 +45096,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: App Connect + product: Aspera Endpoint cves: cve-2021-4104: investigated: false @@ -45009,7 +45125,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: App ID + product: Aspera Enterprise cves: cve-2021-4104: investigated: false @@ -45038,7 +45154,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Application Gateway + product: Aspera fasp.io cves: cve-2021-4104: investigated: false @@ -45067,7 +45183,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Aspera + product: Bare Metal Servers cves: cve-2021-4104: investigated: false @@ -45096,7 +45212,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Aspera Endpoint + product: BigFix Compliance cves: cve-2021-4104: investigated: false @@ -45118,14 +45234,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM - product: Aspera Enterprise + product: BigFix Inventory cves: cve-2021-4104: investigated: false @@ -45133,8 +45248,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - VM Manager Tool & SAP Tool fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -45147,14 +45263,15 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + vendor_links: [] + notes: To verify if your instance is affected, go to the lib subdirectory of the + tool (BESClient/LMT/SAPTOOL and BESClient/LMT/VMMAN) and check what version + of log4j is included. Version is included in the name of the library. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM - product: Aspera fasp.io + product: Block Storage cves: cve-2021-4104: investigated: false @@ -45183,7 +45300,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Bare Metal Servers + product: Block Storage for VPC cves: cve-2021-4104: investigated: false @@ -45212,7 +45329,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: BigFix Compliance + product: Block Storage Snapshots for VPC cves: cve-2021-4104: investigated: false @@ -45234,13 +45351,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: BigFix Inventory + product: Case Manager cves: cve-2021-4104: investigated: false @@ -45248,9 +45366,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - VM Manager Tool & SAP Tool + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -45263,15 +45380,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: To verify if your instance is affected, go to the lib subdirectory of the - tool (BESClient/LMT/SAPTOOL and BESClient/LMT/VMMAN) and check what version - of log4j is included. Version is included in the name of the library. + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Block Storage + product: Certificate Manager cves: cve-2021-4104: investigated: false @@ -45300,7 +45416,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Block Storage for VPC + product: Client VPN for VPC cves: cve-2021-4104: investigated: false @@ -45329,7 +45445,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Block Storage Snapshots for VPC + product: Cloud Activity Tracker cves: cve-2021-4104: investigated: false @@ -45358,7 +45474,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Case Manager + product: Cloud Backup cves: cve-2021-4104: investigated: false @@ -45387,7 +45503,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Certificate Manager + product: Cloud Monitoring cves: cve-2021-4104: investigated: false @@ -45416,123 +45532,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Client VPN for VPC - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Activity Tracker - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Backup - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Monitoring - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Object Storage + product: Cloud Object Storage cves: cve-2021-4104: investigated: false @@ -47999,7 +47999,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM product: Mass Data Migration cves: @@ -48609,7 +48609,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM product: Robotic Process Automation cves: @@ -48811,7 +48811,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM product: Spectrum Archive Library Edition cves: @@ -50464,7 +50464,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IGEL product: '' cves: @@ -50493,7 +50493,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ignite Realtime product: '' cves: @@ -50522,7 +50522,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: iGrafx product: '' cves: @@ -50551,7 +50551,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Illuminated Cloud product: '' cves: @@ -50580,7 +50580,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Illumio product: C-VEN cves: @@ -50986,7 +50986,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Imperva product: '' cves: @@ -51015,7 +51015,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Inductive Automation product: Ignition cves: @@ -51075,7 +51075,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: infinidat product: '' cves: @@ -51104,7 +51104,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: InfluxData product: '' cves: @@ -51133,7 +51133,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Infoblox product: '' cves: @@ -51162,7 +51162,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Informatica product: '' cves: @@ -51191,7 +51191,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Instana product: '' cves: @@ -51220,7 +51220,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Instructure product: '' cves: @@ -51249,7 +51249,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Intel product: Audio Development Kit cves: @@ -51629,7 +51629,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Intland product: codebeamer cves: @@ -51661,7 +51661,7 @@ software: and [21.09](https://codebeamer.com/cb/wiki/19418497), but not yet for [21.04](https://codebeamer.com/cb/wiki/16937839) references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IPRO product: Netgovern cves: @@ -51689,7 +51689,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: iRedMail product: '' cves: @@ -51718,7 +51718,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ironnet product: '' cves: @@ -51747,7 +51747,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ISLONLINE product: '' cves: @@ -51776,7 +51776,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ivanti product: Application Control for Linux cves: @@ -53977,7 +53977,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jamf product: Jamf Pro cves: @@ -54007,7 +54007,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Janitza product: GridVis cves: @@ -54066,7 +54066,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jedox product: '' cves: @@ -54095,7 +54095,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jenkins product: CI/CD Core cves: @@ -54123,7 +54123,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jenkins product: Plugins cves: @@ -54183,7 +54183,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jetbrains product: Code With Me cves: @@ -54213,7 +54213,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: Datalore cves: @@ -54243,7 +54243,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: Floating license server cves: @@ -54273,7 +54273,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: Gateway cves: @@ -54303,7 +54303,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: Hub cves: @@ -54333,7 +54333,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, @@ -54365,7 +54365,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: Kotlin cves: @@ -54395,7 +54395,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: Ktor cves: @@ -54425,7 +54425,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: MPS cves: @@ -54455,7 +54455,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: Space cves: @@ -54485,7 +54485,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: TeamCity cves: @@ -54515,7 +54515,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: ToolBox cves: @@ -54545,7 +54545,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: UpSource cves: @@ -54575,7 +54575,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: YouTrack InCloud cves: @@ -54605,7 +54605,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: YouTrack Standalone cves: @@ -54635,7 +54635,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JFROG product: '' cves: @@ -54664,7 +54664,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jitsi product: '' cves: @@ -54693,7 +54693,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jitterbit product: '' cves: @@ -54722,7 +54722,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Johnson Controls product: BCPro cves: @@ -55591,7 +55591,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: jPOS product: (ISO-8583) bridge cves: @@ -55621,7 +55621,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jump Desktop product: '' cves: @@ -55650,7 +55650,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Juniper Networks product: '' cves: @@ -55679,7 +55679,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Justice Systems product: '' cves: @@ -55708,7 +55708,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: K15t product: '' cves: @@ -55737,7 +55737,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: K6 product: '' cves: @@ -55766,7 +55766,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Karakun product: '' cves: @@ -55795,7 +55795,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kaseya product: '' cves: @@ -55824,7 +55824,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Keeper Security product: '' cves: @@ -55853,7 +55853,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: KEMP product: '' cves: @@ -55882,7 +55882,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: KEMP 2 product: '' cves: @@ -55911,7 +55911,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kofax product: '' cves: @@ -55940,7 +55940,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Konica Minolta product: '' cves: @@ -55969,7 +55969,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kronos UKG product: '' cves: @@ -55998,7 +55998,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kyberna product: '' cves: @@ -56027,7 +56027,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: L-Soft product: '' cves: @@ -56056,7 +56056,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: L3Harris Geospatial product: '' cves: @@ -56085,7 +56085,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lancom Systems product: '' cves: @@ -56114,7 +56114,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lansweeper product: '' cves: @@ -56143,7 +56143,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Laserfiche product: '' cves: @@ -56172,7 +56172,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LastPass product: '' cves: @@ -56201,7 +56201,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LaunchDarkly product: '' cves: @@ -56230,7 +56230,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Leanix product: '' cves: @@ -56259,7 +56259,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Leica BIOSYSTEMS product: Aperio AT2 cves: @@ -58439,7 +58439,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Let's Encrypt product: '' cves: @@ -58468,7 +58468,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LibreNMS product: '' cves: @@ -58497,7 +58497,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LifeRay product: '' cves: @@ -58526,7 +58526,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LifeSize product: '' cves: @@ -58555,7 +58555,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lightbend product: '' cves: @@ -58584,7 +58584,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lime CRM product: '' cves: @@ -58613,7 +58613,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LIONGARD product: '' cves: @@ -58642,7 +58642,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LiquidFiles product: '' cves: @@ -58671,7 +58671,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LiveAction product: '' cves: @@ -58700,7 +58700,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Loftware product: '' cves: @@ -58729,7 +58729,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LOGalyze product: SIEM & log analyzer tool cves: @@ -58790,7 +58790,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LogicMonitor product: LogicMonitor Platform cves: @@ -58819,7 +58819,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LogMeIn product: '' cves: @@ -58848,7 +58848,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LogRhythm product: '' cves: @@ -58877,7 +58877,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Looker product: Looker cves: @@ -58912,7 +58912,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LucaNet product: '' cves: @@ -58941,7 +58941,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lucee product: '' cves: @@ -58970,7 +58970,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lyrasis product: Fedora Repository cves: @@ -59033,7 +59033,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Maltego product: '' cves: @@ -59062,9 +59062,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: ManageEngine Zoho - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ManageEngine + product: AD SelfService Plus cves: cve-2021-4104: investigated: false @@ -59072,10 +59072,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Build 6.1 build 6114 cve-2021-45046: investigated: false affected_versions: [] @@ -59086,14 +59087,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: ManageEngine Zoho - product: ADAudit Plus + last_updated: '2021-12-27T00:00:00' + - vendor: ManageEngine + product: Servicedesk Plus cves: cve-2021-4104: investigated: false @@ -59101,8 +59101,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 11305 and below fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59116,13 +59117,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://www.manageengine.com/products/service-desk/security-response-plan.html notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' + last_updated: '2021-12-15T00:00:00' - vendor: ManageEngine Zoho - product: ADManager Plus + product: '' cves: cve-2021-4104: investigated: false @@ -59145,13 +59146,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ManageEngine Zoho - product: Analytics Plus + product: ADAudit Plus cves: cve-2021-4104: investigated: false @@ -59180,7 +59181,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: Cloud Security Plus + product: ADManager Plus cves: cve-2021-4104: investigated: false @@ -59209,7 +59210,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: DataSecurity Plus + product: Analytics Plus cves: cve-2021-4104: investigated: false @@ -59238,7 +59239,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: EventLog Analyzer + product: Cloud Security Plus cves: cve-2021-4104: investigated: false @@ -59267,7 +59268,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: Exchange Reporter Plus + product: DataSecurity Plus cves: cve-2021-4104: investigated: false @@ -59296,7 +59297,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: Log360 + product: EventLog Analyzer cves: cve-2021-4104: investigated: false @@ -59325,7 +59326,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: Log360 UEBA + product: Exchange Reporter Plus cves: cve-2021-4104: investigated: false @@ -59354,7 +59355,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: M365 Manager Plus + product: Log360 cves: cve-2021-4104: investigated: false @@ -59383,7 +59384,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: M365 Security Plus + product: Log360 UEBA cves: cve-2021-4104: investigated: false @@ -59412,7 +59413,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: RecoveryManager Plus + product: M365 Manager Plus cves: cve-2021-4104: investigated: false @@ -59440,185 +59441,8 @@ software: references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine - product: AD SelfService Plus - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Build 6.1 build 6114 - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: [] - notes: '' - references: - - '' - last_updated: '2021-12-27T00:00:00' - - vendor: ManageEngine - product: Servicedesk Plus - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 11305 and below - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.manageengine.com/products/service-desk/security-response-plan.html - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: MariaDB - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://mariadb.com/resources/blog/log4shell-and-mariadb-cve-2021-44228/ - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MathWorks - product: All MathWorks general release desktop or server products - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time - notes: '' - references: - - '' - last_updated: '2022-01-18T00:00:00' - - vendor: MathWorks - product: MATLAB - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.mathworks.com/content/dam/mathworks/policies/mathworks-response-to-cve-2021-44228-log4j-vulnerability.pdf - notes: '' - references: - - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Matillion - product: Matillion ETL - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - 1.59.10+ - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://documentation.matillion.com/docs/security-advisory-14th-december-2021 - notes: '' - references: - - '' - last_updated: '2022-11-01T00:00:00' - - vendor: Matomo - product: '' + - vendor: ManageEngine Zoho + product: M365 Security Plus cves: cve-2021-4104: investigated: false @@ -59641,12 +59465,41 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.matomo.org/t/matomo-is-not-concerned-by-the-log4j-security-breach-cve-2021-44228-discovered-on-december-2021-the-9th/44089 + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Mattermost FocalBoard + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: RecoveryManager Plus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: MariaDB product: '' cves: cve-2021-4104: @@ -59670,13 +59523,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.mattermost.org/t/log4j-vulnerability-concern/12676 + - https://mariadb.com/resources/blog/log4shell-and-mariadb-cve-2021-44228/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: McAfee - product: Data Exchange Layer (DXL) Client + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MathWorks + product: All MathWorks general release desktop or server products cves: cve-2021-4104: investigated: false @@ -59684,10 +59537,40 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: MathWorks + product: MATLAB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -59698,13 +59581,44 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.mathworks.com/content/dam/mathworks/policies/mathworks-response-to-cve-2021-44228-log4j-vulnerability.pdf notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Data Loss Prevention (DLP) Discover + last_updated: '2022-01-18T00:00:00' + - vendor: Matillion + product: Matillion ETL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.59.10+ + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://documentation.matillion.com/docs/security-advisory-14th-december-2021 + notes: '' + references: + - '' + last_updated: '2022-11-01T00:00:00' + - vendor: Matomo + product: '' cves: cve-2021-4104: investigated: false @@ -59726,13 +59640,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://forum.matomo.org/t/matomo-is-not-concerned-by-the-log4j-security-breach-cve-2021-44228-discovered-on-december-2021-the-9th/44089 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Data Loss Prevention (DLP) Endpoint for Mac + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Mattermost FocalBoard + product: '' cves: cve-2021-4104: investigated: false @@ -59754,13 +59669,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://forum.mattermost.org/t/log4j-vulnerability-concern/12676 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: McAfee - product: Data Loss Prevention (DLP) Endpoint for Windows + product: Data Exchange Layer (DXL) Client cves: cve-2021-4104: investigated: false @@ -59788,7 +59704,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Data Loss Prevention (DLP) Monitor + product: Data Loss Prevention (DLP) Discover cves: cve-2021-4104: investigated: false @@ -59816,7 +59732,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Data Loss Prevention (DLP) Prevent + product: Data Loss Prevention (DLP) Endpoint for Mac cves: cve-2021-4104: investigated: false @@ -59844,7 +59760,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Endpoint Security (ENS) for Linux + product: Data Loss Prevention (DLP) Endpoint for Windows cves: cve-2021-4104: investigated: false @@ -59872,7 +59788,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Endpoint Security (ENS) for Mac + product: Data Loss Prevention (DLP) Monitor cves: cve-2021-4104: investigated: false @@ -59900,7 +59816,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Endpoint Security (ENS) for Windows + product: Data Loss Prevention (DLP) Prevent cves: cve-2021-4104: investigated: false @@ -59928,7 +59844,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Enterprise Security Manager (ESM) + product: Endpoint Security (ENS) for Linux cves: cve-2021-4104: investigated: false @@ -59936,10 +59852,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 11.5.3 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -59951,14 +59866,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + vendor_links: [] notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: ePolicy Orchestrator Agent Handlers (ePO-AH) + product: Endpoint Security (ENS) for Mac cves: cve-2021-4104: investigated: false @@ -59986,7 +59900,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: ePolicy Orchestrator Application Server (ePO) + product: Endpoint Security (ENS) for Windows cves: cve-2021-4104: investigated: false @@ -59994,10 +59908,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 5.10 CU11 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -60009,14 +59922,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + vendor_links: [] notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Host Intrusion Prevention (Host IPS) + product: Enterprise Security Manager (ESM) cves: cve-2021-4104: investigated: false @@ -60024,9 +59936,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 11.5.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -60038,13 +59951,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Management of Native Encryption (MNE) + product: ePolicy Orchestrator Agent Handlers (ePO-AH) cves: cve-2021-4104: investigated: false @@ -60072,7 +59986,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Active Response (MAR) + product: ePolicy Orchestrator Application Server (ePO) cves: cve-2021-4104: investigated: false @@ -60080,9 +59994,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 5.10 CU11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -60094,13 +60009,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Agent (MA) + product: Host Intrusion Prevention (Host IPS) cves: cve-2021-4104: investigated: false @@ -60128,7 +60044,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Application and Change Control (MACC) for Linux + product: Management of Native Encryption (MNE) cves: cve-2021-4104: investigated: false @@ -60156,7 +60072,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Application and Change Control (MACC) for Windows + product: McAfee Active Response (MAR) cves: cve-2021-4104: investigated: false @@ -60184,7 +60100,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Client Proxy (MCP) for Mac + product: McAfee Agent (MA) cves: cve-2021-4104: investigated: false @@ -60212,7 +60128,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Client Proxy (MCP) for Windows + product: McAfee Application and Change Control (MACC) for Linux cves: cve-2021-4104: investigated: false @@ -60240,7 +60156,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Drive Encryption (MDE) + product: McAfee Application and Change Control (MACC) for Windows cves: cve-2021-4104: investigated: false @@ -60268,7 +60184,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Security for Microsoft Exchange (MSME) + product: McAfee Client Proxy (MCP) for Mac cves: cve-2021-4104: investigated: false @@ -60296,7 +60212,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Security for Microsoft Exchange (MSME) + product: McAfee Client Proxy (MCP) for Windows cves: cve-2021-4104: investigated: false @@ -60324,7 +60240,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Security for Microsoft SharePoint (MSMS) + product: McAfee Drive Encryption (MDE) cves: cve-2021-4104: investigated: false @@ -60352,7 +60268,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Network Security Manager (NSM) + product: McAfee Security for Microsoft Exchange (MSME) cves: cve-2021-4104: investigated: false @@ -60380,7 +60296,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Network Security Platform (NSP) + product: McAfee Security for Microsoft Exchange (MSME) cves: cve-2021-4104: investigated: false @@ -60408,7 +60324,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Policy Auditor + product: McAfee Security for Microsoft SharePoint (MSMS) cves: cve-2021-4104: investigated: false @@ -60436,7 +60352,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Threat Intelligence Exchange (TIE) + product: Network Security Manager (NSM) cves: cve-2021-4104: investigated: false @@ -60458,14 +60374,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 - notes: Latest status in linked Security Bulletin + vendor_links: [] + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Web Gateway (MWG) + product: Network Security Platform (NSP) cves: cve-2021-4104: investigated: false @@ -60487,14 +60402,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + vendor_links: [] notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Medtronic - product: '' + - vendor: McAfee + product: Policy Auditor cves: cve-2021-4104: investigated: false @@ -60516,14 +60430,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://global.medtronic.com/xg-en/product-security/security-bulletins/log4j-vulnerabilities.html + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: MEINBERG - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Threat Intelligence Exchange (TIE) cves: cve-2021-4104: investigated: false @@ -60546,13 +60459,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm - notes: '' + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + notes: Latest status in linked Security Bulletin references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MEINBERG - product: LANTIME and microSync + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Web Gateway (MWG) cves: cve-2021-4104: investigated: false @@ -60575,13 +60488,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Meltano - product: Meltano + last_updated: '2021-12-20T00:00:00' + - vendor: Medtronic + product: '' cves: cve-2021-4104: investigated: false @@ -60604,12 +60517,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/meltano/meltano - notes: Project is written in Python + - https://global.medtronic.com/xg-en/product-security/security-bulletins/log4j-vulnerabilities.html + notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Memurai + last_updated: '2021-12-21T00:00:00' + - vendor: MEINBERG product: '' cves: cve-2021-4104: @@ -60633,52 +60546,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.memurai.com/blog/apache-log4j2-cve-2021-44228 + - https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Micro Focus - product: Data Protector - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '10.20' - - '10.30' - - '10.40' - - '10.50' - - '10.60' - - '10.70' - - '10.80' - - '10.90' - - '10.91' - - '11.00' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://portal.microfocus.com/s/article/KM000003052 - notes: '' - references: - - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' - last_updated: '2021-12-13T00:00:00' - - vendor: Microsoft - product: Azure API Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MEINBERG + product: LANTIME and microSync cves: cve-2021-4104: investigated: false @@ -60701,13 +60575,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ + - https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Microsoft - product: Azure Application Gateway + last_updated: '2022-01-05T00:00:00' + - vendor: Meltano + product: Meltano cves: cve-2021-4104: investigated: false @@ -60730,13 +60604,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ - notes: '' + - https://github.com/meltano/meltano + notes: Project is written in Python references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Microsoft - product: Azure Data lake store java + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Memurai + product: '' cves: cve-2021-4104: investigated: false @@ -60744,41 +60618,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 2.3.10 - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Microsoft - product: Azure Data lake store java - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - < 2.3.10 - fixed_versions: [] - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60790,13 +60633,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 + - https://www.memurai.com/blog/apache-log4j2-cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Microsoft - product: Azure DevOps + - vendor: Micro Focus + product: Data Protector cves: cve-2021-4104: investigated: false @@ -60804,9 +60647,19 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '10.20' + - '10.30' + - '10.40' + - '10.50' + - '10.60' + - '10.70' + - '10.80' + - '10.90' + - '10.91' + - '11.00' unaffected_versions: [] cve-2021-45046: investigated: false @@ -60819,13 +60672,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 + - https://portal.microfocus.com/s/article/KM000003052 notes: '' references: - - '' - last_updated: '2022-01-12T07:18:54+00:00' + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + last_updated: '2021-12-13T00:00:00' - vendor: Microsoft - product: Azure DevOps Server + product: Azure API Gateway cves: cve-2021-4104: investigated: false @@ -60833,9 +60686,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 2019.0 - 2020.1 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60849,13 +60701,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 + - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft - product: Azure Traffic Manager + product: Azure Application Gateway cves: cve-2021-4104: investigated: false @@ -60882,9 +60734,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft - product: Team Foundation Server + product: Azure Data lake store java cves: cve-2021-4104: investigated: false @@ -60894,7 +60746,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2018.2+ + - < 2.3.10 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60908,13 +60760,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 + - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Microstrategy - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Azure Data lake store java cves: cve-2021-4104: investigated: false @@ -60922,8 +60774,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - < 2.3.10 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60937,13 +60790,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-CVE-2021-44228-The-Log4j-0-Day-Vulnerability?language=en_US + - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Midori Global - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Azure DevOps cves: cve-2021-4104: investigated: false @@ -60966,13 +60819,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.midori-global.com/blog/2021/12/15/cve-2021-44228-log4shell-midori-apps-are-not-affected + - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Mikrotik - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Azure DevOps Server cves: cve-2021-4104: investigated: false @@ -60980,8 +60833,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2019.0 - 2020.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60995,13 +60849,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.mikrotik.com/viewtopic.php?p=897938 + - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Milestone sys - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Azure Traffic Manager cves: cve-2021-4104: investigated: false @@ -61024,13 +60878,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcommunity.milestonesys.com/s/article/Log4J-vulnerability-faq?language=en_US + - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Mimecast - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Team Foundation Server cves: cve-2021-4104: investigated: false @@ -61038,8 +60892,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2018.2+ fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -61053,12 +60908,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.mimecast.com/s/article/Mimecast-Information-for-Customers-on-the-Log4Shell-Vulnerability + - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Minecraft + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microstrategy product: '' cves: cve-2021-4104: @@ -61082,12 +60937,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition + - https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-CVE-2021-44228-The-Log4j-0-Day-Vulnerability?language=en_US notes: '' references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Mirantis + - vendor: Midori Global product: '' cves: cve-2021-4104: @@ -61111,12 +60966,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/Mirantis/security/blob/main/news/cve-2021-44288.md + - https://www.midori-global.com/blog/2021/12/15/cve-2021-44228-log4shell-midori-apps-are-not-affected notes: '' references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Miro + - vendor: Mikrotik product: '' cves: cve-2021-4104: @@ -61140,12 +60995,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://miro.com/trust/updates/log4j/ + - https://forum.mikrotik.com/viewtopic.php?p=897938 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Mitel + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Milestone sys product: '' cves: cve-2021-4104: @@ -61169,13 +61024,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010 + - https://supportcommunity.milestonesys.com/s/article/Log4J-vulnerability-faq?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MMM Group - product: Control software of all MMM series + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Mimecast + product: '' cves: cve-2021-4104: investigated: false @@ -61198,13 +61053,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j + - https://community.mimecast.com/s/article/Mimecast-Information-for-Customers-on-the-Log4Shell-Vulnerability notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: MMM Group - product: RUMED360 Cycles, RUMED360 Cycles View, RUMED360 Sicon, RUMED360 ISA-Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Minecraft + product: '' cves: cve-2021-4104: investigated: false @@ -61227,14 +61082,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j + - https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: MongoDB - product: All other components of MongoDB Atlas (including Atlas Database, Data - Lake, Charts) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Mirantis + product: '' cves: cve-2021-4104: investigated: false @@ -61257,13 +61111,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + - https://github.com/Mirantis/security/blob/main/news/cve-2021-44288.md notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MongoDB - product: MongoDB Atlas Search + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Miro + product: '' cves: cve-2021-4104: investigated: false @@ -61286,14 +61140,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + - https://miro.com/trust/updates/log4j/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MongoDB - product: MongoDB Community Edition (including Community Server, Cloud Manager, - Community Kubernetes Operators) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Mitel + product: '' cves: cve-2021-4104: investigated: false @@ -61316,13 +61169,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + - https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MongoDB - product: MongoDB Drivers + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MMM Group + product: Control software of all MMM series cves: cve-2021-4104: investigated: false @@ -61345,14 +61198,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + - https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MongoDB - product: MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, - Enterprise Kubernetes Operators) + last_updated: '2022-01-05T00:00:00' + - vendor: MMM Group + product: RUMED360 Cycles, RUMED360 Cycles View, RUMED360 Sicon, RUMED360 ISA-Server cves: cve-2021-4104: investigated: false @@ -61375,13 +61227,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + - https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-05T00:00:00' - vendor: MongoDB - product: MongoDB Realm (including Realm Database, Sync, Functions, APIs) + product: All other components of MongoDB Atlas (including Atlas Database, Data + Lake, Charts) cves: cve-2021-4104: investigated: false @@ -61408,10 +61261,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB - product: MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas - CLI, Database Connectors) + product: MongoDB Atlas Search cves: cve-2021-4104: investigated: false @@ -61438,9 +61290,10 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Moodle - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MongoDB + product: MongoDB Community Edition (including Community Server, Cloud Manager, + Community Kubernetes Operators) cves: cve-2021-4104: investigated: false @@ -61463,13 +61316,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://moodle.org/mod/forum/discuss.php?d=429966 + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MoogSoft - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MongoDB + product: MongoDB Drivers cves: cve-2021-4104: investigated: false @@ -61492,13 +61345,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://servicedesk.moogsoft.com/hc/en-us/articles/4412463233811?input_string=log4j+vulnerability+%7C%7C+cve-2021-44228 + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Motorola Avigilon - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MongoDB + product: MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, + Enterprise Kubernetes Operators) cves: cve-2021-4104: investigated: false @@ -61521,45 +61375,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avigilon.com/s/article/Technical-Notification-Apache-Log4j2-vulnerability-impact-on-Avigilon-products-CVE-2021-44228?language=en_US + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Moxa - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MongoDB + product: MongoDB Realm (including Realm Database, Sync, Functions, APIs) cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability - notes: Moxa is investigating to determine if any of our products are affected - by this vulnerability. At the time of publication, none of Moxa's products are - affected. + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + notes: '' references: - '' - last_updated: '2022-01-19T00:00:00' - - vendor: Mulesoft - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MongoDB + product: MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas + CLI, Database Connectors) cves: cve-2021-4104: investigated: false @@ -61582,14 +61434,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Mulesoft - product: Anypoint Studio + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Moodle + product: '' cves: cve-2021-4104: investigated: false @@ -61597,9 +61448,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 7.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -61613,14 +61463,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to account holders only and has not been reviewed - by CISA. + - https://moodle.org/mod/forum/discuss.php?d=429966 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Mulesoft - product: Cloudhub + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MoogSoft + product: '' cves: cve-2021-4104: investigated: false @@ -61643,14 +61492,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to account holders only and has not been reviewed - by CISA. + - https://servicedesk.moogsoft.com/hc/en-us/articles/4412463233811?input_string=log4j+vulnerability+%7C%7C+cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Mulesoft - product: Mule Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Motorola Avigilon + product: '' cves: cve-2021-4104: investigated: false @@ -61658,9 +61506,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 6.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -61674,45 +61521,44 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to account holders only and has not been reviewed - by CISA. + - https://support.avigilon.com/s/article/Technical-Notification-Apache-Log4j2-vulnerability-impact-on-Avigilon-products-CVE-2021-44228?language=en_US + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Mulesoft - product: Mule Runtime + last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Moxa + product: '' cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.x - - 4.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to account holders only and has not been reviewed - by CISA. + - https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability + notes: Moxa is investigating to determine if any of our products are affected + by this vulnerability. At the time of publication, none of Moxa's products are + affected. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: N-able + last_updated: '2022-01-19T00:00:00' + - vendor: Mulesoft product: '' cves: cve-2021-4104: @@ -61736,13 +61582,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability - notes: '' + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Nagios - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Mulesoft + product: Anypoint Studio cves: cve-2021-4104: investigated: false @@ -61750,8 +61597,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 7.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -61765,13 +61613,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/ - notes: '' + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to account holders only and has not been reviewed + by CISA. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: NAKIVO - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Mulesoft + product: Cloudhub cves: cve-2021-4104: investigated: false @@ -61794,46 +61643,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/&do=findComment&comment=9145 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: National Instruments - product: OptimalPlus - cves: - cve-2021-4104: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - Vertica - - Cloudera - - Logstash - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html - notes: (Limited to deployments running Vertica, Cloudera, or Logstash) Contact - Technical Support + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to account holders only and has not been reviewed + by CISA. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Neo4j - product: Neo4j Graph Database + last_updated: '2021-12-15T00:00:00' + - vendor: Mulesoft + product: Mule Agent cves: cve-2021-4104: investigated: false @@ -61843,8 +61660,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '>4.2' - - <4..2.12 + - 6.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -61857,13 +61673,15 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to account holders only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Netapp - product: Multiple NetApp products + last_updated: '2021-12-15T00:00:00' + - vendor: Mulesoft + product: Mule Runtime cves: cve-2021-4104: investigated: false @@ -61871,8 +61689,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.x + - 4.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -61886,12 +61706,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.netapp.com/advisory/ntap-20211210-0007/ - notes: '' + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to account holders only and has not been reviewed + by CISA. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Netcup + last_updated: '2021-12-15T00:00:00' + - vendor: N-able product: '' cves: cve-2021-4104: @@ -61915,12 +61736,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/ + - https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: NetGate PFSense + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nagios product: '' cves: cve-2021-4104: @@ -61944,12 +61765,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.netgate.com/topic/168417/java-log4j-vulnerability-is-pfsense-affected/35 + - https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Netwrix + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: NAKIVO product: '' cves: cve-2021-4104: @@ -61973,44 +61794,46 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.netwrix.com/netwrix_statement_on_cve_2021_44228_the_apache_log4j_vulnerability.html + - https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/&do=findComment&comment=9145 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: New Relic - product: Containerized Private Minion (CPM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: National Instruments + product: OptimalPlus cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - 3.0.57 + affected_versions: + - Vertica + - Cloudera + - Logstash + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/ - notes: New Relic is in the process of revising guidance/documentation, however - the fix version remains sufficient. + - https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html + notes: (Limited to deployments running Vertica, Cloudera, or Logstash) Contact + Technical Support references: - - '[Security Bulletin NR21-04](https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/)' - last_updated: '2021-12-18T00:00:00' - - vendor: New Relic - product: New Relic Java Agent + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Neo4j + product: Neo4j Graph Database cves: cve-2021-4104: investigated: false @@ -62020,7 +61843,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - <7.4.3 + - '>4.2' + - <4..2.12 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -62033,15 +61857,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://docs.newrelic.com/docs/release-notes/agent-release-notes/java-release-notes/java-agent-743/ - notes: Initially fixed in 7.4.2, but additional vulnerability found + vendor_links: [] + notes: '' references: - - '[New Relic tracking](https://github.com/newrelic/newrelic-java-agent/issues/605), - covers CVE-2021-44228, CVE-2021-45046' - last_updated: '2021-12-20T00:00:00' - - vendor: NextCloud - product: '' + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Netapp + product: Multiple NetApp products cves: cve-2021-4104: investigated: false @@ -62064,13 +61886,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.nextcloud.com/t/apache-log4j-does-not-affect-nextcloud/129244 + - https://security.netapp.com/advisory/ntap-20211210-0007/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Nextflow - product: Nextflow + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Netcup + product: '' cves: cve-2021-4104: investigated: false @@ -62078,11 +61900,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 21.04.0.5552 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62094,12 +61915,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.nextflow.io/docs/latest/index.html + - https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Nexus Group + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: NetGate PFSense product: '' cves: cve-2021-4104: @@ -62123,12 +61944,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://doc.nexusgroup.com/pages/viewpage.action?pageId=83133294 + - https://forum.netgate.com/topic/168417/java-log4j-vulnerability-is-pfsense-affected/35 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Nice Software (AWS) EnginFRAME + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Netwrix product: '' cves: cve-2021-4104: @@ -62152,13 +61973,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.enginframe.com/ + - https://www.netwrix.com/netwrix_statement_on_cve_2021_44228_the_apache_log4j_vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: NinjaRMM - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: New Relic + product: Containerized Private Minion (CPM) cves: cve-2021-4104: investigated: false @@ -62166,9 +61987,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.0.57 unaffected_versions: [] cve-2021-45046: investigated: false @@ -62181,14 +62003,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ninjarmm.zendesk.com/hc/en-us/articles/4416226194189-12-10-21-Security-Declaration-NinjaOne-not-affected-by-CVE-2021-44228-log4j- - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/ + notes: New Relic is in the process of revising guidance/documentation, however + the fix version remains sufficient. references: - - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Nomachine - product: '' + - '[Security Bulletin NR21-04](https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/)' + last_updated: '2021-12-18T00:00:00' + - vendor: New Relic + product: New Relic Java Agent cves: cve-2021-4104: investigated: false @@ -62196,8 +62018,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <7.4.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -62211,12 +62034,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.nomachine.com/topic/apache-log4j-notification - notes: '' + - https://docs.newrelic.com/docs/release-notes/agent-release-notes/java-release-notes/java-agent-743/ + notes: Initially fixed in 7.4.2, but additional vulnerability found references: - - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: NoviFlow + - '[New Relic tracking](https://github.com/newrelic/newrelic-java-agent/issues/605), + covers CVE-2021-44228, CVE-2021-45046' + last_updated: '2021-12-20T00:00:00' + - vendor: NextCloud product: '' cves: cve-2021-4104: @@ -62240,13 +62064,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://noviflow.com/noviflow-products-and-the-log4shell-exploit-cve-2021-44228/ + - https://help.nextcloud.com/t/apache-log4j-does-not-affect-nextcloud/129244 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Nulab - product: Backlog + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nextflow + product: Nextflow cves: cve-2021-4104: investigated: false @@ -62256,9 +62080,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - N/A (SaaS) - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - 21.04.0.5552 cve-2021-45046: investigated: false affected_versions: [] @@ -62270,13 +62094,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + - https://www.nextflow.io/docs/latest/index.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Nulab - product: Backlog Enterprise (On-premises) + last_updated: '2021-12-21T00:00:00' + - vendor: Nexus Group + product: '' cves: cve-2021-4104: investigated: false @@ -62284,10 +62108,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - < 1.11.7 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -62300,13 +62123,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + - https://doc.nexusgroup.com/pages/viewpage.action?pageId=83133294 notes: '' references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Nulab - product: Cacoo + - vendor: Nice Software (AWS) EnginFRAME + product: '' cves: cve-2021-4104: investigated: false @@ -62314,10 +62137,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - N/A (SaaS) + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -62330,13 +62152,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + - https://download.enginframe.com/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Nulab - product: Cacoo Enterprise (On-premises) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: NinjaRMM + product: '' cves: cve-2021-4104: investigated: false @@ -62344,10 +62166,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - < 4.0.4 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -62360,13 +62181,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nulab.com/blog/company-news/log4shell/ - notes: '' + - https://ninjarmm.zendesk.com/hc/en-us/articles/4416226194189-12-10-21-Security-Declaration-NinjaOne-not-affected-by-CVE-2021-44228-log4j- + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Nulab - product: Typetalk + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nomachine + product: '' cves: cve-2021-4104: investigated: false @@ -62374,10 +62196,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - N/A (SaaS) + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -62390,13 +62211,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + - https://forums.nomachine.com/topic/apache-log4j-notification notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Nutanix - product: AHV + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: NoviFlow + product: '' cves: cve-2021-4104: investigated: false @@ -62404,11 +62225,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62420,13 +62240,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://noviflow.com/noviflow-products-and-the-log4shell-exploit-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: AOS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nulab + product: Backlog cves: cve-2021-4104: investigated: false @@ -62436,10 +62256,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - LTS (including Prism Element) - - Community Edition + fixed_versions: + - N/A (SaaS) + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62451,13 +62270,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://nulab.com/blog/company-news/log4shell/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: AOS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nulab + product: Backlog Enterprise (On-premises) cves: cve-2021-4104: investigated: false @@ -62468,7 +62287,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - STS (including Prism Element) + - < 1.11.7 unaffected_versions: [] cve-2021-45046: investigated: false @@ -62481,13 +62300,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Patched in 6.0.2.4, available on the Portal for download. + - https://nulab.com/blog/company-news/log4shell/ + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Beam + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nulab + product: Cacoo cves: cve-2021-4104: investigated: false @@ -62495,9 +62314,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - N/A (SaaS) unaffected_versions: [] cve-2021-45046: investigated: false @@ -62510,13 +62330,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://nulab.com/blog/company-news/log4shell/ + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: BeamGov + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nulab + product: Cacoo Enterprise (On-premises) cves: cve-2021-4104: investigated: false @@ -62524,9 +62344,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 4.0.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -62539,13 +62360,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://nulab.com/blog/company-news/log4shell/ + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Calm + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nulab + product: Typetalk cves: cve-2021-4104: investigated: false @@ -62555,9 +62376,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - N/A (SaaS) + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62569,13 +62390,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://nulab.com/blog/company-news/log4shell/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nutanix - product: Calm Tunnel VM + product: AHV cves: cve-2021-4104: investigated: false @@ -62605,7 +62426,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: Collector + product: AOS cves: cve-2021-4104: investigated: false @@ -62617,7 +62438,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - LTS (including Prism Element) + - Community Edition cve-2021-45046: investigated: false affected_versions: [] @@ -62635,7 +62457,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: Collector Portal + product: AOS cves: cve-2021-4104: investigated: false @@ -62643,9 +62465,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - STS (including Prism Element) unaffected_versions: [] cve-2021-45046: investigated: false @@ -62659,12 +62482,12 @@ software: unaffected_versions: [] vendor_links: - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + notes: Patched in 6.0.2.4, available on the Portal for download. references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: Data Lens + product: Beam cves: cve-2021-4104: investigated: false @@ -62693,7 +62516,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: Era + product: BeamGov cves: cve-2021-4104: investigated: false @@ -62701,43 +62524,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: File Analytics - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 2.1.x - - 2.2.x - - 3.0+ - fixed_versions: [] - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62750,13 +62540,12 @@ software: unaffected_versions: [] vendor_links: - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigated in version 3.0.1 which is available on the Portal for download. - Mitigation is available [here](https://portal.nutanix.com/kb/12499) + notes: Saas-Based Procuct. See Advisory. references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: Files + product: Calm cves: cve-2021-4104: investigated: false @@ -62786,7 +62575,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: Flow + product: Calm Tunnel VM cves: cve-2021-4104: investigated: false @@ -62816,36 +62605,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: Flow Security Cental - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Foundation + product: Collector cves: cve-2021-4104: investigated: false @@ -62875,7 +62635,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: Frame + product: Collector Portal cves: cve-2021-4104: investigated: false @@ -62904,7 +62664,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: FrameGov + product: Data Lens cves: cve-2021-4104: investigated: false @@ -62933,7 +62693,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: FSCVM + product: Era cves: cve-2021-4104: investigated: false @@ -62963,36 +62723,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: Insights - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Karbon + product: File Analytics cves: cve-2021-4104: investigated: false @@ -63002,7 +62733,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - All + - 2.1.x + - 2.2.x + - 3.0+ fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -63017,12 +62750,13 @@ software: unaffected_versions: [] vendor_links: - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12483) + notes: Mitigated in version 3.0.1 which is available on the Portal for download. + Mitigation is available [here](https://portal.nutanix.com/kb/12499) references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: Karbon Platform Service + product: Files cves: cve-2021-4104: investigated: false @@ -63030,10 +62764,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -63046,12 +62781,12 @@ software: unaffected_versions: [] vendor_links: - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: LCM + product: Flow cves: cve-2021-4104: investigated: false @@ -63081,7 +62816,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: Leap + product: Flow Security Cental cves: cve-2021-4104: investigated: false @@ -63110,37 +62845,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: Mine - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12484) - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Move + product: Foundation cves: cve-2021-4104: investigated: false @@ -63170,7 +62875,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: MSP + product: Frame cves: cve-2021-4104: investigated: false @@ -63178,41 +62883,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12482) - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: NCC - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All cve-2021-45046: investigated: false affected_versions: [] @@ -63225,12 +62899,12 @@ software: unaffected_versions: [] vendor_links: - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: '' + notes: Saas-Based Procuct. See Advisory. references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: NGT + product: FrameGov cves: cve-2021-4104: investigated: false @@ -63238,41 +62912,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Objects - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All - fixed_versions: [] - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -63285,12 +62928,12 @@ software: unaffected_versions: [] vendor_links: - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12482) + notes: Saas-Based Procuct. See Advisory. references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: Prism Central + product: FSCVM cves: cve-2021-4104: investigated: false @@ -63300,9 +62943,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - All - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -63315,12 +62958,369 @@ software: unaffected_versions: [] vendor_links: - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Patched in 2021-9.0.3, available on the Portal for download. + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: Sizer + product: Insights + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Karbon + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12483) + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Karbon Platform Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: LCM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Leap + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Mine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12484) + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Move + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: MSP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12482) + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: NCC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: NGT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Objects + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12482) + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Prism Central + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Patched in 2021-9.0.3, available on the Portal for download. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Sizer cves: cve-2021-4104: investigated: false @@ -63462,13 +63462,5665 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nvidia.custhelp.com/app/answers/detail/a_id/5294 - notes: '' + - https://nvidia.custhelp.com/app/answers/detail/a_id/5294 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: NXLog + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://nxlog.co/news/apache-log4j-vulnerability-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Objectif Lune + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://learn.objectiflune.com/blog/security/statement-on-log4j-vulnerability-cve-2021-4428/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OCLC + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://oclc.service-now.com/status + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Octopus + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://advisories.octopus.com/adv/December.2306508680.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Okta + product: Advanced Server Access + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://sec.okta.com/articles/2021/12/log4shell + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Access Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://sec.okta.com/articles/2021/12/log4shell + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta AD Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://sec.okta.com/articles/2021/12/log4shell + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Browser Plugin + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://sec.okta.com/articles/2021/12/log4shell + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta IWA Web Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://sec.okta.com/articles/2021/12/log4shell + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta LDAP Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://sec.okta.com/articles/2021/12/log4shell + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Mobile + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://sec.okta.com/articles/2021/12/log4shell + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta On-Prem MFA Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 1.4.6 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://trust.okta.com/security-advisories/okta-on-prem-mfa-agent-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta RADIUS Server Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 2.17.0 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Verify + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://sec.okta.com/articles/2021/12/log4shell + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Workflows + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://sec.okta.com/articles/2021/12/log4shell + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Onespan + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.onespan.com/remote-code-execution-vulnerability-in-log4j2-cve-2018-11776 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Opengear + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://opengear.zendesk.com/hc/en-us/articles/4412713339419-CVE-2021-44228-aka-Log4Shell-Opengear-products-are-not-affected + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OpenMRS TALK + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OpenNMS + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OpenSearch + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OpenText + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.opentext.com/support/log4j-remote-code-execution-advisory + notes: '' + references: + - '' + last_updated: '2021-12-23T00:00:00' + - vendor: Opto 22 + product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GROOV-AT1, GROOV-AT1-SNAP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GRV-EPIC-PR1, GRV-EPIC-PR2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 3.3.2 + fixed_versions: + - 3.3.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Oracle + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html + notes: The support document is available to customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Oracle + product: Enterprise Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '13.5' + - 13.4 & 13.3.2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html + notes: Patch status and other security guidance is restricted to Oracle account/support + members. The support document is available to customers only and has not been + reviewed by CISA. + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Oracle + product: Exadata + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - <21.3.4 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html + notes: Patch status and other security guidance is restricted to Oracle account/support + members. The support document is available to customers only and has not been + reviewed by CISA. + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Orgavision + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.orgavision.com/neuigkeiten/sicherheitsluecke-java-library-log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Osirium + product: PAM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.osirium.com/blog/apache-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Osirium + product: PEM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.osirium.com/blog/apache-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Osirium + product: PPA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.osirium.com/blog/apache-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OTRS + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://portal.otrs.com/external + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OVHCloud + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.ovhcloud.com/log4shell-how-to-protect-my-cloud-workloads/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OwnCloud + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://central.owncloud.org/t/owncloud-not-directly-affected-by-log4j-vulnerability/35493 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OxygenXML + product: Author + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Developer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Editor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen Content Fusion + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '2.0' + - '3.0' + - '4.1' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen Feedback Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 1.4.4 & older + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen License Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - v22.1 to v24.0 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen PDF Chemistry + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - v22.1 + - '23.0' + - '23.1' + - '24.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen SDK + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Plugins (see advisory link) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Publishing Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Web Author + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: WebHelp + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PagerDuty + product: PagerDuty SaaS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability + notes: We currently see no evidence of compromises on our platform. Our teams + continue to monitor for new developments and for impacts on sub-processors and + dependent systems. PagerDuty SaaS customers do not need to take any additional + action for their PagerDuty SaaS environment + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Palantir + product: Palantir AI Inference Platform (AIP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: Fully remediated as of 1.97.0. Disconnected customer instances may require + manual updates. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Apollo + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact, and updates have been deployed for full remediation. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Foundry + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact to Palantir-hosted or Apollo-connected instances, and updates + have been deployed for full remediation. Disconnected customer instances may + require manual updates. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Gotham + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact to Palantir-hosted or Apollo-connected instances, and updates + have been deployed for full remediation. Disconnected customer instances may + require manual updates. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palo-Alto Networks + product: Bridgecrew + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: CloudGenix + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex Data Lake + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex XDR Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex Xpanse + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex XSOAR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Expedition + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: GlobalProtect App + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: IoT Security + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Okyo Grade + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Palo-Alto Networks-OS for Firewall and Wildfire + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Palo-Alto Networks-OS for Panorama + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '9.0' + - '9.1' + - '10.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will + be updated when hot fixes for the affected Panorama versions are available. + PAN-OS for Panorama versions 8.1, 10.1 are not affected. + last_updated: '2021-12-15T00:00:00' + - vendor: Palo-Alto Networks + product: Prisma Access + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Prisma Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Prisma Cloud Compute + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: SaaS Security + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: User-ID Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: WildFire Appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: WildFire Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Panopto + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.panopto.com/s/article/Panopto-Statement-on-the-Log4j2-Zero-Day-Vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PaperCut + product: PaperCut MF + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 21.0 and later + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/support/known-issues/?id=PO-684#ng + notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted + by this. Workaround manual steps available in reference. Upgrade to PaperCut + NG/MF version 21.2.3 Now Available to resolve. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut NG + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 21.0 and later + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/support/known-issues/?id=PO-684#ng + notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted + by this. Workaround manual steps available in reference. Upgrade to PaperCut + NG/MF version 21.2.3 Now Available to resolve. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Parallels + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.parallels.com/en/128696 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Parse.ly + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.parse.ly/parse-ly-log4shell/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PBXMonitor + product: RMM for 3CX PBX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pbxmonitor.net/changelog.php + notes: Mirror Servers were also checked to ensure Log4J was not installed or being + used by any of our systems. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Pega + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pentaho + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho- + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pepperl+Fuchs + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pepperl-fuchs.com/global/en/29079.htm + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Percona + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.percona.com/blog/log4jshell-vulnerability-update/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Phenix Id + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.phenixid.se/uncategorized/log4j-fix/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Philips + product: Multiple products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PHOENIX CONTACT + product: Cloud Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + notes: Partly affected. Remediations are being implemented. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: PHOENIX CONTACT + product: Physical products containing firmware + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: PHOENIX CONTACT + product: Software Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Ping Identity + product: PingAccess + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 4.0 <= version <= 6.3.2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingCentral + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 8.0 <= version <= 10.3.4 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate Java Integration Kit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 2.7.2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate OAuth Playground + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 4.3.1 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingIntelligence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pitney Bowes + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pitneybowes.com/us/support/apache-log4j-vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Planmeca + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.planmeca.com/apache-log4j-vulnerability-in-planmeca-products/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Planon Software + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.planonsoftware.com/uk/news/log4j-impact-on-planon/ + notes: This advisory is available for customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Platform.SH + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://platform.sh/blog/2021/platformsh-protects-from-apache-log4j/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Plesk + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Plex + product: Plex Industrial IoT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: The product has been updated to Log4j version 2.15. An additional patch + is being developed to update to 2.16. No user interaction is required. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Polycom + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Portainer + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.portainer.io/blog/portainer-statement-re-log4j-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PortSwigger + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.portswigger.net/thread/are-burp-collaborator-or-burp-enterprise-vulnerable-to-log4j-dc6524e0 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PostGreSQL + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.postgresql.org/about/news/postgresql-jdbc-and-the-log4j-cve-2371/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Postman + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.postman.com/hc/en-us/articles/4415791933335-Is-Postman-impacted-by-the-Log4j-vulnerability-CVE-2021-44228- + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Power Admin LLC + product: PA File Sight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - NONE + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Power Admin LLC + product: PA Server Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - NONE + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Power Admin LLC + product: PA Storage Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - NONE + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Pretix + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://pretix.eu/about/de/blog/20211213-log4j/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PrimeKey + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Progress / IpSwitch + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.progress.com/security + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ProofPoint + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2 + notes: This advisory is available for customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ProSeS + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proses.de/en/2021/12/16/log4shell-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Prosys + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://prosysopc.com/news/important-security-release/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Proxmox + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PRTG Paessler + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTC + product: Axeda Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 6.9.2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingsWorx Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '8.5' + - '9.0' + - '9.1' + - '9.2' + - All supported versions + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingsWorx Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '8.5' + - '9.0' + - '9.1' + - '9.2' + - All supported versions + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTV Group + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Connect Secure (ICS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for secure Access + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for secure Access + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for ZTA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for ZTA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Connect Secure + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Desktop Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Mobile Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse One + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Policy Secure + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Secure Services Director + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Secure Virtual Traffic Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Secure Web Application Firewall + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse ZTA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Puppet + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pure Storage + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22) + notes: This advisory is available for customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pure Storage + product: Cloud Blockstore + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - CBS6.1.x + - CBS6.2.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: Patch expected 12/27/2021 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: Flash Array + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 5.3.x + - 6.0.x + - 6.1.x + - 6.2.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: Patch expected 12/20/2021 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: FlashBlade + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 3.1.x + - 3.2.x + - 3.3.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: Patch expected 12/24/2021 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: PortWorx + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2.8.0+ + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: Pure1 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - N/A + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pyramid Analytics + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QF-Test + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Qlik + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QMATIC + product: Appointment Booking + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2.4+ + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + notes: Update to v. 2.8.2 which contains log4j 2.16 + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: QMATIC + product: Appointment Booking + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Cloud/Managed Service + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + notes: log4j 2.16 applied 2021-12-15 + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: QMATIC + product: Insights + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Cloud + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + notes: log4j 2.16 applied 2021-12-16 + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: QMATIC + product: Orchestra Central + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 6.0+ + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: QNAP + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QOPPA + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QSC Q-SYS + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QT + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest Global + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: R + product: R + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 4.1.1 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.r-project.org/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: R2ediviewer + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://r2ediviewer.de/DE/reload.html?Change-log_17858584.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Radware + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.radware.com/app/answers/answer_view/a_id/1029752 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rapid7 + product: AlcidekArt, kAdvisor, and kAudit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: AppSpider Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: AppSpider Pro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Insight Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightAppSec Scan Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightAppSec Scan Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightCloudSec/DivvyCloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightConnect Orchestrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightIDR Network Sensor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightIDR/InsightOps Collector & Event Sources + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps DataHub + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - InsightOps DataHub <= 2.0 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Upgrade [DataHub to version 2.0.1](https://rep.logentries.com/datahub/DataHub_2.0.1.deb) + using the [following instructions](https://docs.rapid7.com/insightops/setting-up-datahub/). + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps non-Java logging libraries + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps r7insight_java logging library + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - <=3.0.8 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Upgrade [r7insight_java](https://github.com/rapid7/r7insight_java) to 3.0.9 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM Kubernetes Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” + packaged in them. This is a different library than log4j-core and is not vulnerable + to Log4Shell. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” + packaged in them. This is a different library than log4j-core and is not vulnerable + to Log4Shell. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: IntSights virtual appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Logentries DataHub + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Linux version <= 1.2.0.820; Windows version <= 1.2.0.820 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: 'Linux: Install DataHub_1.2.0.822.deb using the following [instructions](https://docs.logentries.com/docs/datahub-linux). + Windows: Run version 1.2.0.822 in a Docker container or as a Java command per + these [instructions](https://docs.logentries.com/docs/datahub-windows). You + can find more details [here](https://docs.logentries.com/docs/datahub-linux).' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Logentries le_java logging library + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'All versions: this is a deprecated component' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Migrate to version 3.0.9 of [r7insight_java](https://github.com/rapid7/r7insight_java) + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Metasploit Framework + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Metasploit Pro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Metasploit Pro ships with log4j but has specific configurations applied + to it that mitigate Log4Shell. A future update will contain a fully patched + version of log4j. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: tCell Java Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Velociraptor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Raritan + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.raritan.com/support + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ravelin + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://syslog.ravelin.com/log4shell-cve-2021-44228-4338bb8da67b + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Real-Time Innovations (RTI) + product: Distributed Logger + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: Recording Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Administration Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Code Generator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Code Generator Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Micro Application Generator (MAG) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - as part of RTI Connext Micro 3.0.0 + - 3.0.1 + - 3.0.2 + - 3.0.3 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Micro Application Generator (MAG) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - as part of RTI Connext Professional 6.0.0 and 6.0.1 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Red Hat + product: log4j-core + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Integration Camel K + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5130](https://access.redhat.com/errata/RHSA-2021:5130)' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: NXLog - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat build of Quarkus cves: cve-2021-4104: investigated: false @@ -63491,13 +69143,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nxlog.co/news/apache-log4j-vulnerability-cve-2021-44228 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Objectif Lune - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat CodeReady Studio cves: cve-2021-4104: investigated: false @@ -63505,9 +69157,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 12.21.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -63520,13 +69173,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://learn.objectiflune.com/blog/security/statement-on-log4j-vulnerability-cve-2021-4428/ - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[CRS 12.21.1 Patch](https://developers.redhat.com/products/codeready-studio/download?source=sso)' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: OCLC - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Data Grid cves: cve-2021-4104: investigated: false @@ -63534,10 +69187,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '8' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5132](http://access.redhat.com/errata/RHSA-2021:5132)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Decision Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '7' cve-2021-45046: investigated: false affected_versions: [] @@ -63549,13 +69233,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://oclc.service-now.com/status + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Octopus - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux cves: cve-2021-4104: investigated: false @@ -63563,10 +69247,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '6' cve-2021-45046: investigated: false affected_versions: [] @@ -63578,13 +69263,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://advisories.octopus.com/adv/December.2306508680.html + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Okta - product: Advanced Server Access + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux cves: cve-2021-4104: investigated: false @@ -63592,10 +69277,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '7' cve-2021-45046: investigated: false affected_versions: [] @@ -63607,13 +69293,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Access Gateway + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux cves: cve-2021-4104: investigated: false @@ -63621,10 +69307,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '8' cve-2021-45046: investigated: false affected_versions: [] @@ -63636,13 +69323,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta AD Agent + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Integration Camel Quarkus cves: cve-2021-4104: investigated: false @@ -63665,13 +69352,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5126](https://access.redhat.com/errata/RHSA-2021:5126)' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Browser Plugin + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss A-MQ Streaming cves: cve-2021-4104: investigated: false @@ -63694,13 +69381,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5138](https://access.redhat.com/errata/RHSA-2021:5138)' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta IWA Web Agent + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Enterprise Application Platform cves: cve-2021-4104: investigated: false @@ -63708,10 +69395,43 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.4)\ + \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ + \ affected." + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Enterprise Application Platform Expansion Pack + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '7' cve-2021-45046: investigated: false affected_versions: [] @@ -63723,13 +69443,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta LDAP Agent + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Fuse cves: cve-2021-4104: investigated: false @@ -63737,9 +69457,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '7' unaffected_versions: [] cve-2021-45046: investigated: false @@ -63752,13 +69473,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5134](https://access.redhat.com/errata/RHSA-2021:5134)' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Mobile + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Process Automation cves: cve-2021-4104: investigated: false @@ -63766,10 +69487,43 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '7' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=103671&product=rhpam&version=7.11.1&downloadType=patches)\ + \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ + \ affected." + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Single Sign-On + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '7' cve-2021-45046: investigated: false affected_versions: [] @@ -63781,13 +69535,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta On-Prem MFA Agent + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Vert.X cves: cve-2021-4104: investigated: false @@ -63796,8 +69550,37 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 1.4.6 + affected_versions: [] + fixed_versions: + - '4' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5093](https://access.redhat.com/errata/RHSA-2021:5093)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Satellite 5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -63811,13 +69594,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://trust.okta.com/security-advisories/okta-on-prem-mfa-agent-cve-2021-44228 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta RADIUS Server Agent + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Spacewalk cves: cve-2021-4104: investigated: false @@ -63825,9 +69608,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 2.17.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -63841,13 +69623,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Verify + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 3.11 + product: openshift3/ose-logging-elasticsearch5 cves: cve-2021-4104: investigated: false @@ -63870,13 +69652,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5094](http://access.redhat.com/errata/RHSA-2021:5094)' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Workflows + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-logging-elasticsearch6 cves: cve-2021-4104: investigated: false @@ -63899,13 +69681,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Onespan - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-metering-hive cves: cve-2021-4104: investigated: false @@ -63928,13 +69711,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.onespan.com/remote-code-execution-vulnerability-in-log4j2-cve-2018-11776 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Opengear - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-metering-presto cves: cve-2021-4104: investigated: false @@ -63957,13 +69741,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://opengear.zendesk.com/hc/en-us/articles/4412713339419-CVE-2021-44228-aka-Log4Shell-Opengear-products-are-not-affected - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: OpenMRS TALK - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Logging + product: logging-elasticsearch6-container cves: cve-2021-4104: investigated: false @@ -63986,13 +69771,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: OpenNMS - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenStack Platform 13 (Queens) + product: opendaylight cves: cve-2021-4104: investigated: false @@ -64015,13 +69801,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/ - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: End of Life references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: OpenSearch - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-java-common-log4j cves: cve-2021-4104: investigated: false @@ -64044,13 +69830,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: OpenText - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-maven35-log4j12 cves: cve-2021-4104: investigated: false @@ -64073,13 +69859,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.opentext.com/support/log4j-remote-code-execution-advisory + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: Opto 22 - product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-maven36-log4j12 cves: cve-2021-4104: investigated: false @@ -64087,43 +69873,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 4.3g - fixed_versions: - - 4.3g - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit - notes: The Log4j vulnerability affects all products running groov View software - references: - - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Opto 22 - product: GROOV-AT1, GROOV-AT1-SNAP - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - < 4.3g - fixed_versions: - - 4.3g - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -64135,13 +69888,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit - notes: The Log4j vulnerability affects all products running groov View software + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' references: - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Opto 22 - product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP + last_updated: '2021-12-21T00:00:00' + - vendor: Red5Pro + product: '' cves: cve-2021-4104: investigated: false @@ -64149,11 +69902,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 4.3g - fixed_versions: - - 4.3g + investigated: false + affected_versions: [] + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -64166,13 +69917,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit - notes: The Log4j vulnerability affects all products running groov View software + - https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/ + notes: '' references: - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Opto 22 - product: GRV-EPIC-PR1, GRV-EPIC-PR2 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RedGate + product: '' cves: cve-2021-4104: investigated: false @@ -64180,11 +69931,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 3.3.2 - fixed_versions: - - 3.3.2 + investigated: false + affected_versions: [] + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -64197,12 +69946,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit - notes: The Log4j vulnerability affects all products running groov View software + - https://www.red-gate.com/privacy-and-security/vulnerabilities/2021-12-15-log4j-statement + notes: '' references: - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Oracle + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Redis product: '' cves: cve-2021-4104: @@ -64226,14 +69975,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html - notes: The support document is available to customers only and has not been reviewed - by CISA + - https://redis.com/security/notice-apache-log4j2-cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Oracle - product: Enterprise Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Reiner SCT + product: '' cves: cve-2021-4104: investigated: false @@ -64241,10 +69989,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '13.5' - - 13.4 & 13.3.2 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64258,15 +70004,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html - notes: Patch status and other security guidance is restricted to Oracle account/support - members. The support document is available to customers only and has not been - reviewed by CISA. + - https://forum.reiner-sct.com/index.php?/topic/5973-timecard-und-log4j-schwachstelle/&do=findComment&comment=14933 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Oracle - product: Exadata + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ReportURI + product: '' cves: cve-2021-4104: investigated: false @@ -64274,9 +70018,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <21.3.4 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64290,15 +70033,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html - notes: Patch status and other security guidance is restricted to Oracle account/support - members. The support document is available to customers only and has not been - reviewed by CISA. + - https://scotthelme.co.uk/responding-to-the-log4j-2-vulnerability/ + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Orgavision - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ResMed + product: AirView cves: cve-2021-4104: investigated: false @@ -64321,13 +70062,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.orgavision.com/neuigkeiten/sicherheitsluecke-java-library-log4j + - https://www.resmed.com/en-us/security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Osirium - product: PAM + last_updated: '2021-12-21T00:00:00' + - vendor: ResMed + product: myAir cves: cve-2021-4104: investigated: false @@ -64350,13 +70091,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.osirium.com/blog/apache-log4j-vulnerability + - https://www.resmed.com/en-us/security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Osirium - product: PEM + last_updated: '2021-12-21T00:00:00' + - vendor: Respondus + product: '' cves: cve-2021-4104: investigated: false @@ -64379,13 +70120,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.osirium.com/blog/apache-log4j-vulnerability - notes: '' + - https://support.respondus.com/support/index.php?/News/NewsItem/View/339 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Osirium - product: PPA + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Revenera / Flexera + product: '' cves: cve-2021-4104: investigated: false @@ -64408,12 +70150,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.osirium.com/blog/apache-log4j-vulnerability + - https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: OTRS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ricoh product: '' cves: cve-2021-4104: @@ -64437,12 +70179,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.otrs.com/external + - https://www.ricoh.com/info/2021/1215_1/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: OVHCloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RingCentral product: '' cves: cve-2021-4104: @@ -64466,12 +70208,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.ovhcloud.com/log4shell-how-to-protect-my-cloud-workloads/ + - https://www.ringcentral.com/trust-center/security-bulletin.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: OwnCloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Riverbed product: '' cves: cve-2021-4104: @@ -64495,13 +70237,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://central.owncloud.org/t/owncloud-not-directly-affected-by-log4j-vulnerability/35493 + - https://supportkb.riverbed.com/support/index?page=content&id=S35645 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: OxygenXML - product: Author + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rockwell Automation + product: FactoryTalk Analytics DataFlowML cves: cve-2021-4104: investigated: false @@ -64509,8 +70251,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.00.00 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64523,13 +70266,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Developer + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: FactoryTalk Analytics DataView cves: cve-2021-4104: investigated: false @@ -64537,8 +70281,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.03.00 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64551,13 +70296,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Editor + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: Industrial Data Center cves: cve-2021-4104: investigated: false @@ -64565,9 +70311,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Gen 1 + - Gen 2 + - Gen 3 + - Gen 3.5 unaffected_versions: [] cve-2021-45046: investigated: false @@ -64579,13 +70329,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen Content Fusion + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: MES EIG cves: cve-2021-4104: investigated: false @@ -64595,9 +70346,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2.0' - - '3.0' - - '4.1' + - 3.03.00 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64610,13 +70359,15 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: Customers should upgrade to EIG Hub if possible or work with their local + representatives about alternative solutions. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen Feedback Enterprise + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: VersaVirtual cves: cve-2021-4104: investigated: false @@ -64625,9 +70376,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.4.4 & older - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Series A unaffected_versions: [] cve-2021-45046: investigated: false @@ -64639,13 +70390,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen License Server + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: Warehouse Management cves: cve-2021-4104: investigated: false @@ -64655,7 +70407,10 @@ software: cve-2021-44228: investigated: true affected_versions: - - v22.1 to v24.0 + - 4.01.00 + - 4.02.00 + - 4.02.01 + - 4.02.02 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64668,13 +70423,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen PDF Chemistry + last_updated: '2021-12-15T00:00:00' + - vendor: Rollbar + product: '' cves: cve-2021-4104: investigated: false @@ -64682,12 +70438,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - v22.1 - - '23.0' - - '23.1' - - '24.0' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64700,13 +70452,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://rollbar.com/blog/log4j-zero-day-2021-log4shell/ + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen SDK + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rosette.com + product: '' cves: cve-2021-4104: investigated: false @@ -64728,13 +70481,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://support.rosette.com/hc/en-us/articles/4416216525965-Log4j-Vulnerability + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Plugins (see advisory link) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager cves: cve-2021-4104: investigated: false @@ -64757,12 +70511,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Publishing Engine + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager Prime cves: cve-2021-4104: investigated: false @@ -64785,12 +70539,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Web Author + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager WebTier cves: cve-2021-4104: investigated: false @@ -64813,12 +70567,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: WebHelp + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Governance and Lifecycle cves: cve-2021-4104: investigated: false @@ -64841,12 +70595,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: PagerDuty - product: PagerDuty SaaS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Governance and Lifecycle Cloud cves: cve-2021-4104: investigated: false @@ -64868,17 +70622,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability - notes: We currently see no evidence of compromises on our platform. Our teams - continue to monitor for new developments and for impacts on sub-processors and - dependent systems. PagerDuty SaaS customers do not need to take any additional - action for their PagerDuty SaaS environment + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QF-Test - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Identity Router cves: cve-2021-4104: investigated: false @@ -64900,13 +70650,12 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Qlik + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA Netwitness product: '' cves: cve-2021-4104: @@ -64930,103 +70679,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + - https://community.rsa.com/t5/netwitness-platform-product/netwitness-apache-vulnerability-log4j2-cve-2021-44228-nbsp/ta-p/660540 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: QMATIC - product: Appointment Booking - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 2.4+ - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: Update to v. 2.8.2 which contains log4j 2.16 - references: - - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QMATIC - product: Appointment Booking - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - Cloud/Managed Service - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: log4j 2.16 applied 2021-12-15 - references: - - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QMATIC - product: Insights - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - Cloud - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: log4j 2.16 applied 2021-12-16 - references: - - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QMATIC - product: Orchestra Central + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rstudioapi + product: Rstudioapi cves: cve-2021-4104: investigated: false @@ -65038,7 +70697,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 6.0+ + - '0.13' cve-2021-45046: investigated: false affected_versions: [] @@ -65050,70 +70709,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + - https://github.com/rstudio/rstudioapi notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: QNAP - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: QOPPA - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/ - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: QSC Q-SYS + - vendor: Rubrik product: '' cves: cve-2021-4104: @@ -65137,13 +70738,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228 - notes: '' + - https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: QT - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ruckus + product: Virtual SmartZone (vSZ) cves: cve-2021-4104: investigated: false @@ -65151,8 +70753,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 5.1 to 6.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65166,12 +70769,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability + - https://support.ruckuswireless.com/security_bulletins/313 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Quest Global + last_updated: '2021-12-13T00:00:00' + - vendor: RunDeck by PagerDuty product: '' cves: cve-2021-4104: @@ -65195,11 +70798,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + - https://docs.rundeck.com/docs/history/CVEs/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Runecast product: Runecast Analyzer cves: @@ -65229,7 +70832,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SAE-IT product: '' cves: @@ -65258,7 +70861,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SAFE FME Server product: '' cves: @@ -65287,7 +70890,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SAGE product: '' cves: @@ -65316,7 +70919,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SailPoint product: '' cves: @@ -65346,7 +70949,7 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Salesforce product: Analytics Cloud cves: @@ -66319,7 +71922,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SAP product: '' cves: @@ -66438,7 +72041,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SASSAFRAS product: '' cves: @@ -66467,7 +72070,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Savignano software solutions product: '' cves: @@ -66496,7 +72099,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SBT product: SBT cves: @@ -66556,7 +72159,7 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ScaleFusion MobileLock Pro product: '' cves: @@ -66585,7 +72188,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Schneider Electric product: EASYFIT cves: @@ -67331,7 +72934,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ScreenBeam product: '' cves: @@ -67360,7 +72963,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SDL worldServer product: '' cves: @@ -67389,7 +72992,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Seagull Scientific product: '' cves: @@ -67418,7 +73021,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SecurePoint product: '' cves: @@ -67447,7 +73050,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Security Onion product: '' cves: @@ -67476,7 +73079,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Securonix product: Extended Detection and Response (XDR) cves: @@ -67655,7 +73258,7 @@ software: by CISA. references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SentinelOne product: '' cves: @@ -67684,7 +73287,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sentry product: '' cves: @@ -67713,7 +73316,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SEP product: '' cves: @@ -67742,7 +73345,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Server Eye product: '' cves: @@ -67771,7 +73374,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ServiceNow product: '' cves: @@ -67800,7 +73403,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Shibboleth product: '' cves: @@ -67829,7 +73432,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Shibboleth product: All Products cves: @@ -67885,13 +73488,42 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.shopify.com/c/technical-q-a/is-shopify-affected-by-the-log4j-vulnerability/td-p/1417625 + - https://community.shopify.com/c/technical-q-a/is-shopify-affected-by-the-log4j-vulnerability/td-p/1417625 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Siebel + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siebelhub.com/main/2021/12/log4j-vulnerability-cve-2021-44228-and-siebel-crm.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Siebel - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Siemens + product: Affected Products cves: cve-2021-4104: investigated: false @@ -67914,11 +73546,42 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siebelhub.com/main/2021/12/log4j-vulnerability-cve-2021-44228-and-siebel-crm.html - notes: '' + - https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens + product: Affected Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' + references: + - '' + last_updated: '2021-12-19T00:00:00' - vendor: Siemens Energy product: Affected Products cves: @@ -69037,66 +74700,6 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens - product: Affected Products - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens - product: Affected Products - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' - references: - - '' - last_updated: '2021-12-19T00:00:00' - vendor: Sierra Wireless product: '' cves: @@ -69125,7 +74728,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sierra Wireless product: AirVantage and Octave cloud platforms cves: @@ -69213,7 +74816,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Silver Peak product: Orchestrator, Silver Peak GMS cves: @@ -69275,7 +74878,7 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SISCO product: '' cves: @@ -69333,7 +74936,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Skillable product: '' cves: @@ -69362,7 +74965,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SLF4J product: '' cves: @@ -69391,7 +74994,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Slurm product: Slurm cves: @@ -69479,7 +75082,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SmileCDR product: '' cves: @@ -69508,7 +75111,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sn0m product: '' cves: @@ -69537,7 +75140,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Snakemake product: Snakemake cves: @@ -69597,7 +75200,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Snow Software product: VM Access Proxy cves: @@ -69627,7 +75230,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Snowflake product: '' cves: @@ -69656,7 +75259,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Snyk product: Cloud Platform cves: @@ -69685,7 +75288,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Software AG product: '' cves: @@ -69714,7 +75317,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SolarWinds product: Database Performance Analyzer (DPA) cves: @@ -69835,7 +75438,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sonatype product: All Products cves: @@ -70777,7 +76380,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Spacelabs Healthcare product: ABP cves: @@ -71375,7 +76978,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Spigot product: '' cves: @@ -71404,7 +77007,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Splunk product: Data Stream Processor cves: @@ -72076,9 +77679,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Spring Boot - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Spring + product: Spring Boot cves: cve-2021-4104: investigated: false @@ -72102,12 +77705,13 @@ software: unaffected_versions: [] vendor_links: - https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot - notes: '' + notes: Spring Boot users are only affected by this vulnerability if they have + switched the default logging system to Log4J2 references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Spring - product: Spring Boot + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Spring Boot + product: '' cves: cve-2021-4104: investigated: false @@ -72131,11 +77735,10 @@ software: unaffected_versions: [] vendor_links: - https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot - notes: Spring Boot users are only affected by this vulnerability if they have - switched the default logging system to Log4J2 + notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: StarDog product: '' cves: @@ -72164,7 +77767,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: STERIS product: Advantage cves: @@ -73701,7 +79304,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Storagement product: '' cves: @@ -73730,7 +79333,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: StormShield product: '' cves: @@ -73759,7 +79362,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: StrangeBee TheHive & Cortex product: '' cves: @@ -73788,7 +79391,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Stratodesk product: '' cves: @@ -73817,7 +79420,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Strimzi product: '' cves: @@ -73846,7 +79449,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Stripe product: '' cves: @@ -73875,7 +79478,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Styra product: '' cves: @@ -73904,7 +79507,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sumologic product: '' cves: @@ -73933,7 +79536,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SumoLogic product: '' cves: @@ -73962,7 +79565,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Superna EYEGLASS product: '' cves: @@ -73991,7 +79594,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Suprema Inc product: '' cves: @@ -74020,7 +79623,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SUSE product: '' cves: @@ -74049,7 +79652,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sweepwidget product: '' cves: @@ -74078,7 +79681,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Swyx product: '' cves: @@ -74107,7 +79710,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Synchro MSP product: '' cves: @@ -74136,7 +79739,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Syncplify product: '' cves: @@ -74165,7 +79768,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Synology product: '' cves: @@ -74194,7 +79797,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Synopsys product: '' cves: @@ -74223,7 +79826,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Syntevo product: '' cves: @@ -74252,7 +79855,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SysAid product: '' cves: @@ -74281,7 +79884,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sysdig product: '' cves: @@ -74310,7 +79913,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tableau product: Tableau Bridge cves: @@ -74567,7 +80170,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tanium product: All cves: @@ -74626,7 +80229,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TeamPasswordManager product: '' cves: @@ -74655,7 +80258,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Teamviewer product: '' cves: @@ -74684,7 +80287,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tech Software product: OneAegis (f/k/a IRBManager) cves: @@ -74803,7 +80406,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Telestream product: '' cves: @@ -74832,7 +80435,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tenable product: Tenable.io / Nessus cves: @@ -74862,7 +80465,7 @@ software: to CVE-2021-44228 or CVE-2021-45046 at this time references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Thales product: CADP/SafeNet Protect App (PA) - JCE cves: @@ -76698,7 +82301,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ThycoticCentrify product: Account Lifecycle Manager cves: @@ -76997,7 +82600,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Top Gun Technology (TGT) product: '' cves: @@ -77026,7 +82629,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TopDesk product: '' cves: @@ -77055,7 +82658,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Topicus Security product: Topicus KeyHub cves: @@ -77114,7 +82717,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tosibox product: '' cves: @@ -77143,7 +82746,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TPLink product: Omega Controller cves: @@ -77204,7 +82807,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tricentis Tosca product: '' cves: @@ -77233,7 +82836,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tridium product: '' cves: @@ -77531,7 +83134,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TrueNAS product: '' cves: @@ -77560,7 +83163,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tufin product: '' cves: @@ -77589,7 +83192,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TYPO3 product: '' cves: @@ -77618,7 +83221,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ubiquiti product: UniFi Network Application cves: @@ -77648,7 +83251,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ubiquiti product: UniFi Network Controller cves: @@ -77708,7 +83311,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: UiPath product: InSights cves: @@ -77767,7 +83370,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: UniFlow product: '' cves: @@ -77796,7 +83399,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Unify ATOS product: '' cves: @@ -77825,7 +83428,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Unimus product: '' cves: @@ -77854,7 +83457,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: USSIGNAL MSP product: '' cves: @@ -77883,7 +83486,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Varian product: Acuity cves: @@ -79113,7 +84716,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Varnish Software product: '' cves: @@ -79142,7 +84745,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Varonis product: '' cves: @@ -79171,7 +84774,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Veeam product: '' cves: @@ -79200,7 +84803,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Venafi product: '' cves: @@ -79229,7 +84832,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Veritas NetBackup product: '' cves: @@ -79258,7 +84861,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Vertica product: '' cves: @@ -79346,7 +84949,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: VMware product: API Portal for VMware Tanzu cves: @@ -80598,7 +86201,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Wasp Barcode technologies product: '' cves: @@ -80627,7 +86230,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WatchGuard product: Secplicity cves: @@ -80656,7 +86259,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Western Digital product: '' cves: @@ -80685,7 +86288,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WIBU Systems product: CodeMeter Cloud Lite cves: @@ -80746,35 +86349,279 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: WindRiver - product: '' + - vendor: Wind River + product: LTS17 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS18 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS19 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS21 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wind River + product: WRL-6 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-7 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-8 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-9 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' - vendor: WireShark product: '' cves: @@ -80803,7 +86650,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Wistia product: '' cves: @@ -80832,7 +86679,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WitFoo product: '' cves: @@ -80861,7 +86708,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WordPress product: '' cves: @@ -80890,7 +86737,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Worksphere product: '' cves: @@ -80919,7 +86766,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Wowza product: '' cves: @@ -80948,7 +86795,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WSO2 product: WSO2 Enterprise Integrator cves: @@ -80978,7 +86825,7 @@ software: notes: A temporary mitigation is available while vendor works on update references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XCP-ng product: '' cves: @@ -81007,7 +86854,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XenForo product: '' cves: @@ -81036,7 +86883,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox product: '' cves: @@ -81065,7 +86912,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XPertDoc product: '' cves: @@ -81094,7 +86941,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XPLG product: '' cves: @@ -81123,7 +86970,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XWIKI product: '' cves: @@ -81152,7 +86999,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xylem product: Aquatalk cves: @@ -81651,7 +87498,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: YellowFin product: '' cves: @@ -81680,7 +87527,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: YOKOGAWA product: '' cves: @@ -81738,7 +87585,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zabbix product: '' cves: @@ -81767,7 +87614,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ZAMMAD product: '' cves: @@ -81796,7 +87643,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zaproxy product: '' cves: @@ -81825,7 +87672,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zebra product: '' cves: @@ -81854,7 +87701,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zendesk product: All Products cves: @@ -81915,7 +87762,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zentera Systems, Inc. product: CoIP Access Platform cves: @@ -81974,7 +87821,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zesty product: '' cves: @@ -82003,7 +87850,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zimbra product: '' cves: @@ -82032,7 +87879,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zix product: '' cves: @@ -82090,7 +87937,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ZPE systems Inc product: '' cves: @@ -82119,7 +87966,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zscaler product: See Link (Multiple Products) cves: @@ -82177,7 +88024,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zyxel product: Security Firewall/Gateways cves: diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 03f5dd2..f569214 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -475,8 +475,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFAS Software - product: '' + - vendor: Advanced Systems Concepts (formally Jscape) + product: Active MFT cves: cve-2021-4104: investigated: false @@ -499,13 +499,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.afas.nl/vraagantwoord/NL/SE/120439.htm - notes: '' + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANsuite + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT cves: cve-2021-4104: investigated: false @@ -513,11 +514,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -529,13 +529,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx - notes: '' + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANServer + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT Gateway cves: cve-2021-4104: investigated: false @@ -543,11 +544,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -559,13 +559,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx - notes: '' + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANcart + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT Server cves: cve-2021-4104: investigated: false @@ -573,11 +574,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -589,13 +589,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx - notes: '' + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANweb + last_updated: '2021-12-14T00:00:00' + - vendor: AFAS Software + product: '' cves: cve-2021-4104: investigated: false @@ -603,11 +604,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -619,13 +619,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://help.afas.nl/vraagantwoord/NL/SE/120439.htm notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC - product: AFHCANmobile + product: AFHCANcart cves: cve-2021-4104: investigated: false @@ -655,7 +655,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC - product: AFHCANupdate + product: AFHCANmobile cves: cve-2021-4104: investigated: false @@ -684,8 +684,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Agilysys - product: '' + - vendor: AFHCAN Global LLC + product: AFHCANServer cves: cve-2021-4104: investigated: false @@ -693,10 +693,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -708,13 +709,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f + - https://afhcan.org/support.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: Active MFT + - vendor: AFHCAN Global LLC + product: AFHCANsuite cves: cve-2021-4104: investigated: false @@ -722,10 +723,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -737,14 +739,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://afhcan.org/support.aspx + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANupdate cves: cve-2021-4104: investigated: false @@ -752,10 +753,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -767,14 +769,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://afhcan.org/support.aspx + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANweb cves: cve-2021-4104: investigated: false @@ -782,10 +783,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -797,14 +799,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://afhcan.org/support.aspx + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Agilysys + product: '' cves: cve-2021-4104: investigated: false @@ -827,12 +828,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Akamai product: SIEM Splunk Connector cves: @@ -1192,7 +1192,7 @@ software: - '' last_updated: '2021-12-23T00:00:00' - vendor: Amazon - product: AWS Lambda + product: AWS DynamoDB cves: cve-2021-4104: investigated: false @@ -1201,9 +1201,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Unknown - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1216,13 +1216,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-17T00:00:00' - vendor: Amazon - product: AWS DynamoDB + product: AWS EKS, ECS, Fargate cves: cve-2021-4104: investigated: false @@ -1231,9 +1231,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: + affected_versions: - Unknown + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1247,10 +1247,16 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + notes: To help mitigate the impact of the open-source Apache “Log4j2" utility + (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, + Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). + This hot-patch will require customer opt-in to use, and disables JNDI lookups + from the Log4J2 library in customers’ containers. These updates are available + as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes + users on AWS, and will be in supported AWS Fargate platform versions references: - '' - last_updated: '2021-12-17T00:00:00' + last_updated: '2021-12-16T00:00:00' - vendor: Amazon product: AWS ElastiCache cves: @@ -1282,7 +1288,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Amazon - product: AWS Inspector + product: AWS ELB cves: cve-2021-4104: investigated: false @@ -1310,9 +1316,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' + last_updated: '2021-12-16T00:00:00' - vendor: Amazon - product: AWS RDS + product: AWS Inspector cves: cve-2021-4104: investigated: false @@ -1337,13 +1343,12 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified - in CVE-2021-44228 + notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Amazon - product: AWS S3 + product: AWS Kinesis Data Stream cves: cve-2021-4104: investigated: false @@ -1352,9 +1357,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: + affected_versions: - Unknown + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1368,12 +1373,16 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + notes: We are actively patching all sub-systems that use Log4j2 by applying updates. + The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library + (KPL) are not impacted. For customers using KCL 1.x, we have released an updated + version and we strongly recommend that all KCL version 1.x customers upgrade + to KCL version 1.14.5 (or higher) references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Amazon - product: AWS SNS + product: AWS Lambda cves: cve-2021-4104: investigated: false @@ -1382,9 +1391,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: + affected_versions: - Unknown + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1397,15 +1406,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon SNS systems that serve customer traffic are patched against the - Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate - separately from SNS’s systems that serve customer traffic + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS SQS + product: AWS Lambda cves: cve-2021-4104: investigated: false @@ -1414,9 +1421,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: + affected_versions: - Unknown + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1429,13 +1436,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS EKS, ECS, Fargate + product: AWS RDS cves: cve-2021-4104: investigated: false @@ -1444,9 +1451,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Unknown - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1460,18 +1467,13 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: To help mitigate the impact of the open-source Apache “Log4j2" utility - (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, - Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). - This hot-patch will require customer opt-in to use, and disables JNDI lookups - from the Log4J2 library in customers’ containers. These updates are available - as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes - users on AWS, and will be in supported AWS Fargate platform versions + notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified + in CVE-2021-44228 references: - '' - last_updated: '2021-12-16T00:00:00' + last_updated: '2021-12-17T00:00:00' - vendor: Amazon - product: AWS ELB + product: AWS S3 cves: cve-2021-4104: investigated: false @@ -1499,9 +1501,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: Amazon - product: AWS Kinesis Data Stream + product: AWS SNS cves: cve-2021-4104: investigated: false @@ -1510,9 +1512,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Unknown - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1526,16 +1528,14 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: We are actively patching all sub-systems that use Log4j2 by applying updates. - The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library - (KPL) are not impacted. For customers using KCL 1.x, we have released an updated - version and we strongly recommend that all KCL version 1.x customers upgrade - to KCL version 1.14.5 (or higher) + notes: Amazon SNS systems that serve customer traffic are patched against the + Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate + separately from SNS’s systems that serve customer traffic references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Amazon - product: AWS Lambda + product: AWS SQS cves: cve-2021-4104: investigated: false @@ -1544,9 +1544,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Unknown - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1559,11 +1559,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: Amazon product: CloudFront cves: @@ -2045,7 +2045,7 @@ software: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: Camel Quarkus + product: Camel 2 cves: cve-2021-4104: investigated: false @@ -2074,7 +2074,7 @@ software: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: Camel K + product: Camel JBang cves: cve-2021-4104: investigated: false @@ -2082,8 +2082,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <=3.1.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2103,7 +2104,7 @@ software: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: CamelKafka Connector + product: Camel K cves: cve-2021-4104: investigated: false @@ -2162,7 +2163,7 @@ software: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: Camel JBang + product: Camel Quarkus cves: cve-2021-4104: investigated: false @@ -2170,9 +2171,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <=3.1.4 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2192,7 +2192,7 @@ software: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: Camel 2 + product: CamelKafka Connector cves: cve-2021-4104: investigated: false @@ -2480,8 +2480,8 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Apereo - product: CAS + - vendor: APC by Schneider Electric + product: Powerchute Business Edition cves: cve-2021-4104: investigated: false @@ -2490,10 +2490,47 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.3.x & 6.4.x + affected_versions: [] + fixed_versions: + - v9.5 + - v10.0.1 + - v10.0.2 + - v10.0.3 + - v10.0.4 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 + notes: Mitigation instructions to remove the affected class. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: APC by Schneider Electric + product: Powerchute Network Shutdown + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '4.2' + - '4.3' + - '4.4' + - 4.4.1 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2505,13 +2542,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://apereo.github.io/2021/12/11/log4j-vuln/ - notes: '' + - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 + notes: Mitigation instructions to remove the affected class. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: Apereo - product: Opencast + product: CAS cves: cve-2021-4104: investigated: false @@ -2521,8 +2558,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 9.10 - - < 10.6 + - 6.3.x & 6.4.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2536,13 +2572,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8 + - https://apereo.github.io/2021/12/11/log4j-vuln/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Application Performance Ltd - product: DBMarlin + - vendor: Apereo + product: Opencast cves: cve-2021-4104: investigated: false @@ -2550,9 +2586,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: - - Not Affected + - < 9.10 + - < 10.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2565,11 +2602,12 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apigee product: '' cves: @@ -2755,7 +2793,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - Not Affected fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2768,14 +2807,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428 + vendor_links: [] notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: APPSHEET - product: '' + - vendor: Application Performance Ltd + product: DBMarlin cves: cve-2021-4104: investigated: false @@ -2798,13 +2836,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 + - https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Aptible - product: Aptible + last_updated: '2021-12-15T00:00:00' + - vendor: APPSHEET + product: '' cves: cve-2021-4104: investigated: false @@ -2812,9 +2850,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - ElasticSearch 5.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2828,13 +2865,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 + - https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: APC by Schneider Electric - product: Powerchute Business Edition + - vendor: Aptible + product: Aptible cves: cve-2021-4104: investigated: false @@ -2843,47 +2880,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - v9.5 - - v10.0.1 - - v10.0.2 - - v10.0.3 - - v10.0.4 - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 - notes: Mitigation instructions to remove the affected class. - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: APC by Schneider Electric - product: Powerchute Network Shutdown - cves: - cve-2021-4104: - investigated: false - affected_versions: [] + affected_versions: + - ElasticSearch 5.x fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '4.2' - - '4.3' - - '4.4' - - 4.4.1 - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2895,11 +2895,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 - notes: Mitigation instructions to remove the affected class. + - https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aqua Security product: '' cves: @@ -3718,7 +3718,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -3731,7 +3731,9 @@ software: unaffected_versions: [] vendor_links: - https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen - notes: The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise solutions. + notes: The security vulnerability does NOT affect our applications and products + or pose any threat. This applies to all Bachmann applications and products, + including atvise solutions. references: - '' last_updated: '2022-01-17T00:00:00' @@ -4081,6 +4083,38 @@ software: references: - '' last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Avaya Aura® Device Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 8.0.1 + - 8.0.2 + - 8.1.3 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Aura® Media Server cves: @@ -4816,38 +4850,6 @@ software: references: - '' last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Aura® Device Services - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 8.0.1 - - 8.0.2 - - 8.1.3 - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' - references: - - '' - last_updated: '2021-12-14T00:00:00' - vendor: AVEPOINT product: '' cves: diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 5a00349..5cb247d 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -33,7 +33,7 @@ software: references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: Baxter + - vendor: BackBox product: '' cves: cve-2021-4104: @@ -57,12 +57,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.baxter.com/sites/g/files/ebysai746/files/2021-12/Apache_Log4j_Vulnerability.pdf + - https://updates.backbox.com/V6.5/Docs/CVE-2021-44228.pdf notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BackBox + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Balbix product: '' cves: cve-2021-4104: @@ -86,12 +86,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://updates.backbox.com/V6.5/Docs/CVE-2021-44228.pdf + - https://www.balbix.com/blog/broad-exposure-to-log4shell-cve-2021-44228-highlights-how-the-attack-surface-has-exploded/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Balbix + - vendor: Baramundi Products product: '' cves: cve-2021-4104: @@ -115,12 +115,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.balbix.com/blog/broad-exposure-to-log4shell-cve-2021-44228-highlights-how-the-attack-surface-has-exploded/ + - https://forum.baramundi.com/index.php?threads/baramundi-produkte-von-log4shell-schwachstelle-in-log4j-nicht-betroffen.12539/#post-62875 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Baramundi Products + - vendor: Barco product: '' cves: cve-2021-4104: @@ -144,12 +144,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.baramundi.com/index.php?threads/baramundi-produkte-von-log4shell-schwachstelle-in-log4j-nicht-betroffen.12539/#post-62875 + - https://www.barco.com/en/support/knowledge-base/kb12495 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Barco + - vendor: Barracuda product: '' cves: cve-2021-4104: @@ -173,12 +173,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.barco.com/en/support/knowledge-base/kb12495 + - https://www.barracuda.com/company/legal/trust-center notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Barracuda + - vendor: Baxter product: '' cves: cve-2021-4104: @@ -202,13 +202,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.barracuda.com/company/legal/trust-center + - https://www.baxter.com/sites/g/files/ebysai746/files/2021-12/Apache_Log4j_Vulnerability.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-20T00:00:00' - vendor: BBraun - product: Outlook® Safety Infusion System Pump family + product: APEX® Compounder cves: cve-2021-4104: investigated: false @@ -237,8 +237,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BBraun - product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® - Space® Infusion + product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software cves: cve-2021-4104: investigated: false @@ -267,7 +266,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BBraun - product: Pump, SpaceStation, and Space® Wireless Battery) + product: Outlook® Safety Infusion System Pump family cves: cve-2021-4104: investigated: false @@ -296,7 +295,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BBraun - product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software + product: Pinnacle® Compounder cves: cve-2021-4104: investigated: false @@ -325,7 +324,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BBraun - product: Pinnacle® Compounder + product: Pump, SpaceStation, and Space® Wireless Battery) cves: cve-2021-4104: investigated: false @@ -354,7 +353,8 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BBraun - product: APEX® Compounder + product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® + Space® Infusion cves: cve-2021-4104: investigated: false @@ -615,7 +615,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD Knowledge Portal for Infusion Technologies + product: BD Knowledge Portal for BD Pyxis™ Supply cves: cve-2021-4104: investigated: false @@ -644,7 +644,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD Knowledge Portal for Medication Technologies + product: BD Knowledge Portal for Infusion Technologies cves: cve-2021-4104: investigated: false @@ -673,7 +673,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD Knowledge Portal for BD Pyxis™ Supply + product: BD Knowledge Portal for Medication Technologies cves: cve-2021-4104: investigated: false @@ -1049,7 +1049,7 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: BioMerieux + - vendor: Bender product: '' cves: cve-2021-4104: @@ -1073,12 +1073,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.biomerieux.com/en/cybersecurity-data-privacy + - https://www.bender.de/en/cert notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Bender + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Best Practical Request Tracker (RT) and Request Tracker for Incident Response + (RTIR) product: '' cves: cve-2021-4104: @@ -1102,14 +1103,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bender.de/en/cert + - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Best Practical Request Tracker (RT) and Request Tracker for Incident Response - (RTIR) - product: '' + - vendor: BeyondTrust + product: Privilege Management Cloud cves: cve-2021-4104: investigated: false @@ -1117,9 +1117,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Unknown unaffected_versions: [] cve-2021-45046: investigated: false @@ -1132,13 +1133,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-17T00:00:00' - vendor: BeyondTrust - product: Privilege Management Cloud + product: Privilege Management Reporting in BeyondInsight cves: cve-2021-4104: investigated: false @@ -1149,7 +1150,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '21.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1168,7 +1169,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: BeyondTrust - product: Privilege Management Reporting in BeyondInsight + product: Secure Remote Access appliances cves: cve-2021-4104: investigated: false @@ -1178,9 +1179,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '21.2' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -1197,8 +1198,8 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust - product: Secure Remote Access appliances + - vendor: BeyondTrust Bomgar + product: '' cves: cve-2021-4104: investigated: false @@ -1206,11 +1207,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1222,12 +1222,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust Bomgar + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BioMerieux product: '' cves: cve-2021-4104: @@ -1251,11 +1251,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 + - https://www.biomerieux.com/en/cybersecurity-data-privacy notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-22T00:00:00' - vendor: BisectHosting product: '' cves: @@ -2590,7 +2590,7 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Boston Scientific + - vendor: Bosch product: '' cves: cve-2021-4104: @@ -2614,12 +2614,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bostonscientific.com/content/dam/bostonscientific/corporate/product-security/bsc_statement_on_apache_log4j-v1.pdf + - https://bosch-iot-suite.com/news/apache-log4j-rce-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Bosch + last_updated: '2021-12-22T00:00:00' + - vendor: Boston Scientific product: '' cves: cve-2021-4104: @@ -2643,11 +2643,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://bosch-iot-suite.com/news/apache-log4j-rce-vulnerability/ + - https://www.bostonscientific.com/content/dam/bostonscientific/corporate/product-security/bsc_statement_on_apache_log4j-v1.pdf notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2021-12-20T00:00:00' - vendor: Box product: '' cves: @@ -4067,7 +4067,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: Symantec Protection Engine (SPE) cves: @@ -4096,7 +4096,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: Symantec Protection for SharePoint Servers (SPSS) cves: @@ -4125,7 +4125,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: VIP cves: @@ -4154,7 +4154,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: VIP Authentication Hub cves: @@ -4183,7 +4183,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: Web Isolation (WI) cves: @@ -4212,7 +4212,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: Web Security Service (WSS) cves: @@ -4241,7 +4241,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: WebPulse cves: @@ -4270,5 +4270,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index 648dacb..b24be77 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Campbell Scientific product: All cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Canary Labs product: All cves: @@ -121,7 +121,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: CT Medical Imaging Products + product: Alphenix (Angio Workstation) cves: cve-2021-4104: investigated: false @@ -150,7 +150,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: MR Medical Imaging Products + product: CT Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -179,7 +179,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: UL Medical Imaging Products + product: Infinix-i (Angio Workstation) cves: cve-2021-4104: investigated: false @@ -208,7 +208,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: XR Medical Imaging Products + product: MR Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -266,7 +266,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: Vitrea Advanced 7.x + product: UL Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -295,7 +295,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: Infinix-i (Angio Workstation) + product: Vitrea Advanced 7.x cves: cve-2021-4104: investigated: false @@ -324,7 +324,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: Alphenix (Angio Workstation) + product: XR Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -408,7 +408,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Carestream product: '' cves: @@ -466,7 +466,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CAS genesisWorld product: '' cves: @@ -495,7 +495,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cato Networks product: '' cves: @@ -524,7 +524,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cepheid product: C360 cves: @@ -611,7 +611,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Chaser Systems product: discrimiNAT Firewall cves: @@ -641,7 +641,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: CloudGuard cves: @@ -671,7 +671,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: Harmony Endpoint & Harmony Mobile cves: @@ -701,7 +701,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: Infinity Portal cves: @@ -730,7 +730,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: Quantum Security Gateway cves: @@ -760,7 +760,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: Quantum Security Management cves: @@ -791,7 +791,7 @@ software: this attack by default. references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: SMB cves: @@ -821,7 +821,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: ThreatCloud cves: @@ -850,7 +850,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CheckMK product: '' cves: @@ -879,7 +879,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ciphermail product: '' cves: @@ -908,7 +908,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CircleCI product: CircleCI cves: @@ -966,7 +966,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: AppDynamics cves: @@ -995,67 +995,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Common Services Platform Collector - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Network Services Orchestrator (NSO) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco System Architecture Evolution Gateway (SAEGW) + product: Cisco ACI Multi-Site Orchestrator cves: cve-2021-4104: investigated: false @@ -1082,9 +1024,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco ACI Multi-Site Orchestrator + product: Cisco ACI Virtual Edge cves: cve-2021-4104: investigated: false @@ -1111,9 +1053,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco ACI Virtual Edge + product: Cisco Adaptive Security Appliance (ASA) Software cves: cve-2021-4104: investigated: false @@ -1140,9 +1082,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Adaptive Security Appliance (ASA) Software + product: Cisco Advanced Web Security Reporting Application cves: cve-2021-4104: investigated: false @@ -1169,9 +1111,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Advanced Web Security Reporting Application + product: Cisco AMP Virtual Private Cloud Appliance cves: cve-2021-4104: investigated: false @@ -1198,9 +1140,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco AMP Virtual Private Cloud Appliance + product: Cisco AnyConnect Secure Mobility Client cves: cve-2021-4104: investigated: false @@ -1227,9 +1169,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco AnyConnect Secure Mobility Client + product: Cisco Application Policy Infrastructure Controller (APIC) cves: cve-2021-4104: investigated: false @@ -1256,9 +1198,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Application Policy Infrastructure Controller (APIC) + product: Cisco ASR 5000 Series Routers cves: cve-2021-4104: investigated: false @@ -1285,9 +1227,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco ASR 5000 Series Routers + product: Cisco Broadcloud Calling cves: cve-2021-4104: investigated: false @@ -1314,9 +1256,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Broadcloud Calling + product: Cisco BroadWorks cves: cve-2021-4104: investigated: false @@ -1343,9 +1285,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco BroadWorks + product: Cisco Catalyst 9800 Series Wireless Controllers cves: cve-2021-4104: investigated: false @@ -1372,9 +1314,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Catalyst 9800 Series Wireless Controllers + product: Cisco CloudCenter Suite Admin cves: cve-2021-4104: investigated: false @@ -1401,9 +1343,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco CloudCenter Suite Admin + product: Cisco CloudCenter Workload Manager cves: cve-2021-4104: investigated: false @@ -1430,9 +1372,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco CloudCenter Workload Manager + product: Cisco Cognitive Intelligence cves: cve-2021-4104: investigated: false @@ -1459,9 +1401,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Cognitive Intelligence + product: Cisco Common Services Platform Collector cves: cve-2021-4104: investigated: false @@ -1488,7 +1430,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Computer Telephony Integration Object Server (CTIOS) cves: @@ -1517,7 +1459,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Connected Grid Device Manager cves: @@ -1546,7 +1488,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Connected Mobile Experiences cves: @@ -1575,7 +1517,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Connectivity cves: @@ -1604,7 +1546,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Contact Center Domain Manager (CCDM) cves: @@ -1633,7 +1575,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Contact Center Management Portal (CCMP) cves: @@ -1662,7 +1604,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Crosswork Change Automation cves: @@ -1691,7 +1633,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco CX Cloud Agent Software cves: @@ -1720,7 +1662,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Data Center Network Manager (DCNM) cves: @@ -1749,7 +1691,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Defense Orchestrator cves: @@ -1778,7 +1720,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco DNA Assurance cves: @@ -1807,7 +1749,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco DNA Center cves: @@ -1836,7 +1778,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco DNA Spaces cves: @@ -1865,35 +1807,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: DUO network gateway (on-prem/self-hosted) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: [] - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Elastic Services Controller (ESC) cves: @@ -1922,7 +1836,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Emergency Responder cves: @@ -1951,7 +1865,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Enterprise Chat and Email cves: @@ -1980,7 +1894,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Enterprise NFV Infrastructure Software (NFVIS) cves: @@ -2009,7 +1923,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Evolved Programmable Network Manager cves: @@ -2038,7 +1952,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Extensible Network Controller (XNC) cves: @@ -2067,7 +1981,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Finesse cves: @@ -2096,7 +2010,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Firepower Management Center cves: @@ -2125,7 +2039,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Firepower Threat Defense (FTD) cves: @@ -2154,7 +2068,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco GGSN Gateway GPRS Support Node cves: @@ -2183,7 +2097,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco HyperFlex System cves: @@ -2212,7 +2126,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Identity Services Engine (ISE) cves: @@ -2241,7 +2155,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Integrated Management Controller (IMC) Supervisor cves: @@ -2270,7 +2184,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Intersight cves: @@ -2299,7 +2213,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Intersight Virtual Appliance cves: @@ -2328,7 +2242,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IOS and IOS XE Software cves: @@ -2357,7 +2271,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IoT Field Network Director (formerly Cisco Connected Grid Network Management System) @@ -2387,7 +2301,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IoT Operations Dashboard cves: @@ -2416,7 +2330,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IOx Fog Director cves: @@ -2445,7 +2359,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IP Services Gateway (IPSG) cves: @@ -2474,7 +2388,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Kinetic for Cities cves: @@ -2503,7 +2417,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco MDS 9000 Series Multilayer Switches cves: @@ -2532,7 +2446,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Meeting Server cves: @@ -2561,7 +2475,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco MME Mobility Management Entity cves: @@ -2590,7 +2504,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Modeling Labs cves: @@ -2619,7 +2533,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Network Assessment (CNA) Tool cves: @@ -2648,7 +2562,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Network Assurance Engine cves: @@ -2677,7 +2591,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Network Convergence System 2000 Series cves: @@ -2706,7 +2620,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Network Planner cves: @@ -2735,7 +2649,36 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Network Services Orchestrator (NSO) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 5500 Platform Switches cves: @@ -2764,7 +2707,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 5600 Platform Switches cves: @@ -2793,7 +2736,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 6000 Series Switches cves: @@ -2822,7 +2765,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 7000 Series Switches cves: @@ -2851,7 +2794,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode @@ -2881,7 +2824,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus Dashboard (formerly Cisco Application Services Engine) cves: @@ -2910,7 +2853,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus Data Broker cves: @@ -2939,7 +2882,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus Insights cves: @@ -2968,7 +2911,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Optical Network Planner cves: @@ -2997,7 +2940,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Packaged Contact Center Enterprise cves: @@ -3026,9 +2969,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Paging Server (InformaCast) + product: Cisco Paging Server cves: cve-2021-4104: investigated: false @@ -3055,9 +2998,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Paging Server + product: Cisco Paging Server (InformaCast) cves: cve-2021-4104: investigated: false @@ -3084,7 +3027,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco PDSN/HA Packet Data Serving Node and Home Agent cves: @@ -3113,7 +3056,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco PGW Packet Data Network Gateway cves: @@ -3142,7 +3085,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Policy Suite cves: @@ -3171,7 +3114,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Central for Service Providers cves: @@ -3200,7 +3143,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Collaboration Manager cves: @@ -3229,7 +3172,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Collaboration Provisioning cves: @@ -3258,7 +3201,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Infrastructure cves: @@ -3287,7 +3230,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime License Manager cves: @@ -3316,7 +3259,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Network cves: @@ -3345,7 +3288,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Optical for Service Providers cves: @@ -3374,7 +3317,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Provisioning cves: @@ -3403,7 +3346,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Service Catalog cves: @@ -3432,7 +3375,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Registered Envelope Service cves: @@ -3461,7 +3404,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vEdge 1000 Series Routers cves: @@ -3490,7 +3433,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vEdge 2000 Series Routers cves: @@ -3519,7 +3462,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vEdge 5000 Series Routers cves: @@ -3548,7 +3491,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vEdge Cloud Router Platform cves: @@ -3577,7 +3520,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vManage cves: @@ -3606,7 +3549,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Secure Network Analytics (SNA), formerly Stealthwatch cves: @@ -3635,7 +3578,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SocialMiner cves: @@ -3664,7 +3607,36 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco System Architecture Evolution Gateway (SAEGW) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco TelePresence Management Suite cves: @@ -3693,7 +3665,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco UCS Director cves: @@ -3722,7 +3694,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco UCS Performance Manager cves: @@ -3751,7 +3723,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Umbrella cves: @@ -3780,7 +3752,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Advanced cves: @@ -3809,7 +3781,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Business Edition cves: @@ -3838,7 +3810,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Department Edition cves: @@ -3867,7 +3839,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Enterprise Edition cves: @@ -3896,7 +3868,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Premium Edition cves: @@ -3925,7 +3897,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Communications Manager Cloud cves: @@ -3954,9 +3926,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Contact Center Enterprise - Live Data server + product: Cisco Unified Contact Center Enterprise cves: cve-2021-4104: investigated: false @@ -3983,9 +3955,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Contact Center Enterprise + product: Cisco Unified Contact Center Enterprise - Live Data server cves: cve-2021-4104: investigated: false @@ -4012,7 +3984,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Contact Center Express cves: @@ -4041,7 +4013,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Intelligent Contact Management Enterprise cves: @@ -4070,7 +4042,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified SIP Proxy Software cves: @@ -4099,7 +4071,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Video Surveillance Operations Manager cves: @@ -4128,7 +4100,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Virtual Topology System - Virtual Topology Controller (VTC) VM cves: @@ -4157,7 +4129,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Virtualized Voice Browser cves: @@ -4186,7 +4158,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Vision Dynamic Signage Director cves: @@ -4215,7 +4187,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco WAN Automation Engine (WAE) cves: @@ -4244,7 +4216,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Web Security Appliance (WSA) cves: @@ -4273,7 +4245,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Webex Cloud-Connected UC (CCUC) cves: @@ -4302,7 +4274,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Webex Meetings Server cves: @@ -4331,7 +4303,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Webex Teams cves: @@ -4360,7 +4332,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Wide Area Application Services (WAAS) cves: @@ -4389,7 +4361,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Duo cves: @@ -4418,7 +4390,35 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: DUO network gateway (on-prem/self-hosted) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: duo network gateway (on-prem/self-hosted) cves: @@ -4446,7 +4446,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Exony Virtualized Interaction Manager (VIM) cves: @@ -4475,7 +4475,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Managed Services Accelerator (MSX) Network Access Control Service cves: @@ -4504,7 +4504,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Citrix product: Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) cves: @@ -4811,7 +4811,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: ShareFile Storage Zones Controller + product: Citrix Virtual Apps and Desktops (XenApp & XenDesktop) cves: cve-2021-4104: investigated: false @@ -4835,16 +4835,19 @@ software: unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: + Customers are advised to apply the latest update as soon as possible to reduce + the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). + See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for + additional mitigations. For CVE-2021-45105: Investigation has shown that Linux + VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, + released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: + Linux VDA LTSR all versions; All other CVAD components.' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix Virtual Apps and Desktops (XenApp & XenDesktop) + product: Citrix Workspace App cves: cve-2021-4104: investigated: false @@ -4852,10 +4855,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: investigated: false affected_versions: [] @@ -4868,19 +4872,16 @@ software: unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: - Customers are advised to apply the latest update as soon as possible to reduce - the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). - See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for - additional mitigations. For CVE-2021-45105: Investigation has shown that Linux - VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, - released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: - Linux VDA LTSR all versions; All other CVAD components.' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix Workspace App + product: ShareFile Storage Zones Controller cves: cve-2021-4104: investigated: false @@ -4888,11 +4889,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4941,7 +4941,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: AM2CM Tool cves: @@ -4970,7 +4970,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Ambari cves: @@ -5001,7 +5001,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Arcadia Enterprise cves: @@ -5031,7 +5031,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDH, HDP, and HDF cves: @@ -5061,7 +5061,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDP Operational Database (COD) cves: @@ -5090,7 +5090,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDP Private Cloud Base cves: @@ -5120,7 +5120,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDS 3 Powered by Apache Spark cves: @@ -5150,7 +5150,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDS 3.2 for GPUs cves: @@ -5180,7 +5180,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Cybersecurity Platform cves: @@ -5210,7 +5210,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Engineering (CDE) cves: @@ -5239,7 +5239,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Engineering (CDE) cves: @@ -5269,7 +5269,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Flow (CFM) cves: @@ -5298,7 +5298,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Science Workbench (CDSW) cves: @@ -5329,7 +5329,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Visualization (CDV) cves: @@ -5358,7 +5358,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Warehouse (CDW) cves: @@ -5387,7 +5387,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Warehouse (CDW) cves: @@ -5417,7 +5417,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera DataFlow (CDF) cves: @@ -5446,7 +5446,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Edge Management (CEM) cves: @@ -5476,7 +5476,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Enterprise cves: @@ -5506,7 +5506,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Flow Management (CFM) cves: @@ -5536,7 +5536,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Machine Learning (CML) cves: @@ -5565,7 +5565,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Machine Learning (CML) cves: @@ -5595,7 +5595,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication Manager) @@ -5626,7 +5626,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication Manager) @@ -5659,7 +5659,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Manager (Including Backup Disaster Recovery (BDR)) cves: @@ -5688,7 +5688,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Runtime (including Cloudera Data Hub and all Data Hub templates) cves: @@ -5720,7 +5720,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Stream Processing (CSP) cves: @@ -5750,7 +5750,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Streaming Analytics (CSA) cves: @@ -5779,7 +5779,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Streaming Analytics (CSA) cves: @@ -5808,7 +5808,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Data Analytics Studio (DAS) cves: @@ -5837,7 +5837,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Data Catalog cves: @@ -5866,7 +5866,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Data Lifecycle Manager (DLM) cves: @@ -5895,7 +5895,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Data Steward Studio (DSS) cves: @@ -5925,7 +5925,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Hortonworks Data Flow (HDF) cves: @@ -5954,7 +5954,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Hortonworks Data Platform (HDP) cves: @@ -5986,7 +5986,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Hortonworks DataPlane Platform cves: @@ -6015,7 +6015,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Management Console cves: @@ -6045,7 +6045,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Management Console for CDP Public Cloud cves: @@ -6074,7 +6074,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Replication Manager cves: @@ -6103,7 +6103,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: SmartSense cves: @@ -6132,7 +6132,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Workload Manager cves: @@ -6161,9 +6161,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Workload XM (SaaS) + product: Workload XM cves: cve-2021-4104: investigated: false @@ -6171,8 +6171,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6190,9 +6191,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Workload XM + product: Workload XM (SaaS) cves: cve-2021-4104: investigated: false @@ -6200,9 +6201,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6220,7 +6220,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CloudFlare product: '' cves: @@ -6249,7 +6249,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudian HyperStore product: '' cves: @@ -6278,7 +6278,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudogu product: Ecosystem cves: @@ -6308,7 +6308,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudogu product: SCM-Manager cves: @@ -6337,7 +6337,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudron product: '' cves: @@ -6366,7 +6366,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Clover product: '' cves: @@ -6395,7 +6395,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Code42 product: Code42 App cves: @@ -6486,7 +6486,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Codesys product: '' cves: @@ -6515,7 +6515,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cohesity product: '' cves: @@ -6544,7 +6544,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CommVault product: '' cves: @@ -6573,7 +6573,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Concourse product: Concourse cves: @@ -6602,7 +6602,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ConcreteCMS.com product: '' cves: @@ -6631,7 +6631,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Confluent product: Confluent Cloud cves: @@ -6663,7 +6663,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent Platform + product: Confluent ElasticSearch Sink Connector cves: cve-2021-4104: investigated: false @@ -6673,7 +6673,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <7.0.1 + - <11.1.7 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6723,7 +6723,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent Kafka Connectors + product: Confluent Google DataProc Sink Connector cves: cve-2021-4104: investigated: false @@ -6732,10 +6732,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <1.1.5 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -6753,7 +6753,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent ElasticSearch Sink Connector + product: Confluent HDFS 2 Sink Connector cves: cve-2021-4104: investigated: false @@ -6763,7 +6763,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <11.1.7 + - <10.1.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6783,7 +6783,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent Google DataProc Sink Connector + product: Confluent HDFS 3 Sink Connector cves: cve-2021-4104: investigated: false @@ -6793,7 +6793,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <1.1.5 + - <1.1.8 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6813,7 +6813,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent Splunk Sink Connector + product: Confluent Kafka Connectors cves: cve-2021-4104: investigated: false @@ -6822,10 +6822,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <2.05 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6843,7 +6843,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent HDFS 2 Sink Connector + product: Confluent Platform cves: cve-2021-4104: investigated: false @@ -6853,7 +6853,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <10.1.3 + - <7.0.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6873,7 +6873,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent HDFS 3 Sink Connector + product: Confluent Splunk Sink Connector cves: cve-2021-4104: investigated: false @@ -6883,7 +6883,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <1.1.8 + - <2.05 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6960,7 +6960,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ConnectWise product: '' cves: @@ -6989,7 +6989,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ContrastSecurity product: '' cves: @@ -7018,7 +7018,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ControlUp product: '' cves: @@ -7047,7 +7047,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: COPADATA product: All cves: @@ -7105,7 +7105,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CPanel product: '' cves: @@ -7134,7 +7134,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cradlepoint product: '' cves: @@ -7163,7 +7163,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Crestron product: '' cves: @@ -7221,7 +7221,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CryptShare product: '' cves: @@ -7250,7 +7250,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CyberArk product: Privileged Threat Analytics (PTA) cves: @@ -7310,7 +7310,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CyberRes product: '' cves: @@ -7339,5 +7339,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 1fefa45..f8738da 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -34,7 +34,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: Daktronics - product: Data Vision Software (DVS) + product: Dakronics Media Player cves: cve-2021-4104: investigated: false @@ -42,10 +42,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - DMP (any series) cve-2021-45046: investigated: false affected_versions: [] @@ -58,8 +59,7 @@ software: unaffected_versions: [] vendor_links: - https://www.daktronics.com/en-us/support/kb/000025337 - notes: DVS has one microservice that uses Log4j, but it uses a version that is - not impacted. + notes: '' references: - '' last_updated: '2022-01-06T00:00:00' @@ -95,7 +95,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: Daktronics - product: Dakronics Media Player + product: Data Vision Software (DVS) cves: cve-2021-4104: investigated: false @@ -103,11 +103,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - DMP (any series) + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -120,7 +119,8 @@ software: unaffected_versions: [] vendor_links: - https://www.daktronics.com/en-us/support/kb/000025337 - notes: '' + notes: DVS has one microservice that uses Log4j, but it uses a version that is + not impacted. references: - '' last_updated: '2022-01-06T00:00:00' @@ -615,7 +615,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dassault Systèmes product: '' cves: @@ -644,7 +644,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Databricks product: '' cves: @@ -673,7 +673,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Datadog product: Datadog Agent cves: @@ -706,7 +706,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dataminer product: '' cves: @@ -735,7 +735,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Datev product: '' cves: @@ -764,7 +764,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Datto product: '' cves: @@ -793,7 +793,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: dCache.org product: '' cves: @@ -822,7 +822,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Debian product: '' cves: @@ -851,7 +851,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Deepinstinct product: '' cves: @@ -880,9 +880,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dell - product: Alienware Command Center + product: '"Dell EMC PowerMax VMAX VMAX3 and VMAX AFA"' cves: cve-2021-4104: investigated: false @@ -912,7 +912,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Alienware OC Controls + product: '"Dell EMC PowerSwitch Z9264F-ON BMC Dell EMC PowerSwitch Z9432F-ON BMC"' cves: cve-2021-4104: investigated: false @@ -942,7 +942,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Alienware On Screen Display + product: Alienware Command Center cves: cve-2021-4104: investigated: false @@ -972,7 +972,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Alienware Update + product: Alienware OC Controls cves: cve-2021-4104: investigated: false @@ -1002,7 +1002,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Atmos + product: Alienware On Screen Display cves: cve-2021-4104: investigated: false @@ -1032,7 +1032,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Azure Stack HCI + product: Alienware Update cves: cve-2021-4104: investigated: false @@ -1062,7 +1062,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CalMAN Powered Calibration Firmware + product: APEX Console cves: cve-2021-4104: investigated: false @@ -1072,9 +1072,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1087,12 +1087,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Cloud environment patched references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CalMAN Ready for Dell + product: APEX Data Storage Services cves: cve-2021-4104: investigated: false @@ -1100,11 +1100,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1117,12 +1116,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Cloud environment patch in progress references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Centera + product: Atmos cves: cve-2021-4104: investigated: false @@ -1152,7 +1151,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Chameleon Linux Based Diagnostics + product: Azure Stack HCI cves: cve-2021-4104: investigated: false @@ -1182,7 +1181,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Chassis Management Controller (CMC) + product: CalMAN Powered Calibration Firmware cves: cve-2021-4104: investigated: false @@ -1212,7 +1211,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: China HDD Deluxe + product: CalMAN Ready for Dell cves: cve-2021-4104: investigated: false @@ -1242,7 +1241,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Cloud Mobility for Dell EMC Storage + product: Centera cves: cve-2021-4104: investigated: false @@ -1272,7 +1271,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Cloud Tiering Appliance + product: Chameleon Linux Based Diagnostics cves: cve-2021-4104: investigated: false @@ -1302,7 +1301,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connectrix (Cisco MDS 9000 switches) + product: Chassis Management Controller (CMC) cves: cve-2021-4104: investigated: false @@ -1332,7 +1331,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connextrix B Series + product: China HDD Deluxe cves: cve-2021-4104: investigated: false @@ -1362,7 +1361,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CyberSecIQ Application + product: Cloud IQ cves: cve-2021-4104: investigated: false @@ -1370,11 +1369,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1387,12 +1385,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Cloud environment patched references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CyberSense for PowerProtect Cyber Recovery + product: Cloud Mobility for Dell EMC Storage cves: cve-2021-4104: investigated: false @@ -1422,7 +1420,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell BSAFE Crypto-C Micro Edition + product: Cloud Tiering Appliance cves: cve-2021-4104: investigated: false @@ -1452,7 +1450,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell BSAFE Crypto-J + product: Connectrix (Cisco MDS 9000 switches) cves: cve-2021-4104: investigated: false @@ -1482,7 +1480,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell BSAFE Micro Edition Suite + product: Connectrix (Cisco MDS DCNM) cves: cve-2021-4104: investigated: false @@ -1490,11 +1488,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1507,12 +1504,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/23/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Calibration Assistant + product: Connectrix B-Series SANnav cves: cve-2021-4104: investigated: false @@ -1521,10 +1518,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.1.1 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1537,12 +1534,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 3/31/2022 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Cinema Color + product: Connextrix B Series cves: cve-2021-4104: investigated: false @@ -1572,7 +1569,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Cloud Command Repository Manager + product: CyberSecIQ Application cves: cve-2021-4104: investigated: false @@ -1602,7 +1599,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Cloud Management Agent + product: CyberSense for PowerProtect Cyber Recovery cves: cve-2021-4104: investigated: false @@ -1632,7 +1629,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Color Management + product: Data Domain OS cves: cve-2021-4104: investigated: false @@ -1641,10 +1638,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions between 7.3.0.5 and 7.7.0.6;Versions before 7.6.0.30 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1657,12 +1654,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-274 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Configure + product: Dell BSAFE Crypto-C Micro Edition cves: cve-2021-4104: investigated: false @@ -1692,7 +1689,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Integration Suite for System Center + product: Dell BSAFE Crypto-J cves: cve-2021-4104: investigated: false @@ -1722,7 +1719,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Intel vPro Out of Band + product: Dell BSAFE Micro Edition Suite cves: cve-2021-4104: investigated: false @@ -1752,7 +1749,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Monitor + product: Dell Calibration Assistant cves: cve-2021-4104: investigated: false @@ -1782,7 +1779,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Power Manager + product: Dell Cinema Color cves: cve-2021-4104: investigated: false @@ -1812,7 +1809,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command PowerShell Provider + product: Dell Cloud Command Repository Manager cves: cve-2021-4104: investigated: false @@ -1842,7 +1839,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Update + product: Dell Cloud Management Agent cves: cve-2021-4104: investigated: false @@ -1872,7 +1869,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Customer Connect + product: Dell Color Management cves: cve-2021-4104: investigated: false @@ -1902,7 +1899,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Guardian* + product: Dell Command Configure cves: cve-2021-4104: investigated: false @@ -1932,7 +1929,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Protection* + product: Dell Command Integration Suite for System Center cves: cve-2021-4104: investigated: false @@ -1962,7 +1959,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Recovery Environment + product: Dell Command Intel vPro Out of Band cves: cve-2021-4104: investigated: false @@ -1992,7 +1989,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Vault + product: Dell Command Monitor cves: cve-2021-4104: investigated: false @@ -2022,7 +2019,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Vault for Chrome OS + product: Dell Command Power Manager cves: cve-2021-4104: investigated: false @@ -2052,7 +2049,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Deployment Agent + product: Dell Command PowerShell Provider cves: cve-2021-4104: investigated: false @@ -2082,7 +2079,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Digital Delivery + product: Dell Command Update cves: cve-2021-4104: investigated: false @@ -2112,7 +2109,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Direct USB Key + product: Dell Customer Connect cves: cve-2021-4104: investigated: false @@ -2142,7 +2139,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Display Manager 1.5 for Windows / macOS + product: Dell Data Guardian* cves: cve-2021-4104: investigated: false @@ -2172,7 +2169,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Display Manager 2.0 for Windows / macOS + product: Dell Data Protection* cves: cve-2021-4104: investigated: false @@ -2202,7 +2199,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC AppSync + product: Dell Data Recovery Environment cves: cve-2021-4104: investigated: false @@ -2232,7 +2229,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Cloudboost + product: Dell Data Vault cves: cve-2021-4104: investigated: false @@ -2262,7 +2259,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC CloudLink + product: Dell Data Vault for Chrome OS cves: cve-2021-4104: investigated: false @@ -2292,7 +2289,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Container Storage Modules + product: Dell Deployment Agent cves: cve-2021-4104: investigated: false @@ -2322,7 +2319,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Data Computing Appliance (DCA) + product: Dell Digital Delivery cves: cve-2021-4104: investigated: false @@ -2352,7 +2349,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Data Protection Advisor + product: Dell Direct USB Key cves: cve-2021-4104: investigated: false @@ -2382,7 +2379,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC DataIQ + product: Dell Display Manager 1.5 for Windows / macOS cves: cve-2021-4104: investigated: false @@ -2412,7 +2409,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Disk Library for Mainframe + product: Dell Display Manager 2.0 for Windows / macOS cves: cve-2021-4104: investigated: false @@ -2442,7 +2439,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC GeoDrive + product: Dell EMC AppSync cves: cve-2021-4104: investigated: false @@ -2472,7 +2469,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Isilon InsightIQ + product: Dell EMC Avamar cves: cve-2021-4104: investigated: false @@ -2481,10 +2478,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"18.2 19.1 19.2 19.3 19.4"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2497,12 +2494,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC License Manager + product: Dell EMC BSN Controller Node cves: cve-2021-4104: investigated: false @@ -2510,11 +2507,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2527,12 +2523,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-305 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Networking Onie + product: Dell EMC Cloud Disaster Recovery cves: cve-2021-4104: investigated: false @@ -2541,10 +2537,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - N/A + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2557,12 +2553,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Ansible Modules + product: Dell EMC Cloudboost cves: cve-2021-4104: investigated: false @@ -2592,7 +2588,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage integration for Splunk + product: Dell EMC CloudLink cves: cve-2021-4104: investigated: false @@ -2622,7 +2618,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Integration for VMware vCenter + product: Dell EMC Container Storage Modules cves: cve-2021-4104: investigated: false @@ -2652,7 +2648,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Management pack for vRealize Operations + product: Dell EMC Data Computing Appliance (DCA) cves: cve-2021-4104: investigated: false @@ -2682,8 +2678,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge - Manager + product: Dell EMC Data Protection Advisor cves: cve-2021-4104: investigated: false @@ -2713,7 +2708,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: '"Dell EMC PowerMax VMAX VMAX3 and VMAX AFA"' + product: Dell EMC Data Protection Central cves: cve-2021-4104: investigated: false @@ -2721,11 +2716,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2738,12 +2732,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021- 269 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerPath + product: Dell EMC Data Protection Search cves: cve-2021-4104: investigated: false @@ -2752,10 +2746,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions before 19.5.0.7 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2768,12 +2762,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-279 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerPath Management Appliance + product: Dell EMC DataIQ cves: cve-2021-4104: investigated: false @@ -2803,7 +2797,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect Cyber Recovery + product: Dell EMC Disk Library for Mainframe cves: cve-2021-4104: investigated: false @@ -2833,7 +2827,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerScale OneFS + product: Dell EMC ECS cves: cve-2021-4104: investigated: false @@ -2841,11 +2835,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2858,12 +2851,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/18/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for PowerMax + product: Dell EMC Enterprise Storage Analytics for vRealize Operations cves: cve-2021-4104: investigated: false @@ -2872,10 +2865,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"<6.0.0 6.1.0 6.2.x"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2888,12 +2881,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-278 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for Powerstore + product: Dell EMC GeoDrive cves: cve-2021-4104: investigated: false @@ -2923,7 +2916,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for Unity + product: Dell EMC Integrated System for Azure Stack HCI cves: cve-2021-4104: investigated: false @@ -2932,10 +2925,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - N/A + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2948,12 +2941,16 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: '"Dell EMC Integrated System for Azure Stack HCI is not impacted by this + advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect + Gateway (SCG) were optionally installed with Dell EMC Integrated System for + Azure Stack HCI monitor the following advisories. Apply workaround guidance + and remediations as they become [available:](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: '"Dell EMC PowerSwitch Z9264F-ON BMC Dell EMC PowerSwitch Z9432F-ON BMC"' + product: Dell EMC Integrated System for Microsoft Azure Stack Hub cves: cve-2021-4104: investigated: false @@ -2962,10 +2959,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - N/A + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2978,12 +2975,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerVault ME4 Series Storage Arrays + product: Dell EMC Isilon InsightIQ cves: cve-2021-4104: investigated: false @@ -3013,7 +3010,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerVault MD3 Series Storage Arrays + product: Dell EMC License Manager cves: cve-2021-4104: investigated: false @@ -3043,7 +3040,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Repository Manager (DRM) + product: Dell EMC Metro Node cves: cve-2021-4104: investigated: false @@ -3052,10 +3049,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 7.0.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3068,12 +3065,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-308 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC SourceOne + product: Dell EMC NetWorker Server cves: cve-2021-4104: investigated: false @@ -3082,10 +3079,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"19.5.x 19.4.x 19.3.x"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3098,12 +3095,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Systems Update (DSU) + product: Dell EMC NetWorker Virtual Edition cves: cve-2021-4104: investigated: false @@ -3112,10 +3109,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"19.5.x 19.4.x 19.3.x"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3128,12 +3125,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Unisphere 360 + product: Dell EMC Networking Onie cves: cve-2021-4104: investigated: false @@ -3163,7 +3160,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Virtual Storage Integrator + product: Dell EMC Networking Virtual Edge Platform with VersaOS cves: cve-2021-4104: investigated: false @@ -3172,10 +3169,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"with Versa Concerto with Versa Analytics with Versa Concero Director"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3188,12 +3185,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-304 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC VPLEX + product: Dell EMC OpenManage Ansible Modules cves: cve-2021-4104: investigated: false @@ -3223,7 +3220,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC XtremIO + product: Dell EMC OpenManage integration for Splunk cves: cve-2021-4104: investigated: false @@ -3253,7 +3250,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Encryption Enterprise* + product: Dell EMC OpenManage Integration for VMware vCenter cves: cve-2021-4104: investigated: false @@ -3283,7 +3280,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Encryption Personal* + product: Dell EMC OpenManage Management pack for vRealize Operations cves: cve-2021-4104: investigated: false @@ -3313,7 +3310,8 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Endpoint Security Suite Enterprise* + product: Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge + Manager cves: cve-2021-4104: investigated: false @@ -3343,7 +3341,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Hybrid Client + product: Dell EMC PowerFlex Appliance cves: cve-2021-4104: investigated: false @@ -3352,10 +3350,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"All versions up to Intelligent Catalog 38_356_00_r10.zip All versions + up to Intelligent Catalog 38_362_00_r7.zip"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3368,12 +3367,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell ImageAssist + product: Dell EMC PowerFlex Rack cves: cve-2021-4104: investigated: false @@ -3382,10 +3381,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - N/A + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3398,12 +3397,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Insights Client + product: Dell EMC PowerFlex Software (SDS) cves: cve-2021-4104: investigated: false @@ -3412,10 +3411,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"3.5 3.5.1 3.5.1.1 3.5.1.2 3.5.1.3 3.5.1.4 3.6 3.6.0.1 3.6.0.2"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3428,12 +3427,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Linux Assistant + product: Dell EMC PowerPath cves: cve-2021-4104: investigated: false @@ -3463,7 +3462,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Mobile Connect + product: Dell EMC PowerPath Management Appliance cves: cve-2021-4104: investigated: false @@ -3493,7 +3492,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Monitor ISP (Windows/Mac/Linux) + product: Dell EMC PowerProtect Cyber Recovery cves: cve-2021-4104: investigated: false @@ -3523,7 +3522,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Monitor SDK + product: Dell EMC PowerProtect Data Manager cves: cve-2021-4104: investigated: false @@ -3532,10 +3531,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions 19.9 and earlier fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3548,12 +3547,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Networking X-Series + product: Dell EMC PowerProtect DP Series Appliance (iDPA) cves: cve-2021-4104: investigated: false @@ -3562,10 +3561,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.7.0 and earlier fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3578,12 +3577,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Manage Mobile + product: Dell EMC PowerScale OneFS cves: cve-2021-4104: investigated: false @@ -3613,7 +3612,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Manage Server Administrator + product: Dell EMC PowerShell for PowerMax cves: cve-2021-4104: investigated: false @@ -3643,7 +3642,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Change Management + product: Dell EMC PowerShell for Powerstore cves: cve-2021-4104: investigated: false @@ -3673,7 +3672,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Enterprise Power Manager Plugin + product: Dell EMC PowerShell for Unity cves: cve-2021-4104: investigated: false @@ -3703,7 +3702,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Optimizer + product: Dell EMC PowerStore cves: cve-2021-4104: investigated: false @@ -3711,11 +3710,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3728,12 +3726,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/23/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OS Recovery Tool + product: Dell EMC PowerVault MD3 Series Storage Arrays cves: cve-2021-4104: investigated: false @@ -3763,7 +3761,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Peripheral Manager 1.4 / 1.5 for Windows + product: Dell EMC PowerVault ME4 Series Storage Arrays cves: cve-2021-4104: investigated: false @@ -3793,7 +3791,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Platform Service + product: Dell EMC RecoverPoint Classic cves: cve-2021-4104: investigated: false @@ -3802,10 +3800,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All 5.1.x and later versions fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3818,12 +3816,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Power Manager + product: Dell EMC RecoverPoint for Virtual Machine cves: cve-2021-4104: investigated: false @@ -3832,10 +3830,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All 5.0.x and later versions fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3848,12 +3846,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Power Manager Lite + product: Dell EMC Repository Manager (DRM) cves: cve-2021-4104: investigated: false @@ -3883,7 +3881,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Precision Optimizer + product: Dell EMC Ruckus SmartZone 100 Controller cves: cve-2021-4104: investigated: false @@ -3891,11 +3889,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3908,12 +3905,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Precision Optimizer for Linux + product: Dell EMC Ruckus SmartZone 300 Controller cves: cve-2021-4104: investigated: false @@ -3921,11 +3918,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3938,12 +3934,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Premier Color + product: Dell EMC Ruckus Virtual Software cves: cve-2021-4104: investigated: false @@ -3951,11 +3947,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3968,12 +3963,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Recovery (Linux) + product: Dell EMC SourceOne cves: cve-2021-4104: investigated: false @@ -4003,7 +3998,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Remediation Platform + product: Dell EMC SRM vApp cves: cve-2021-4104: investigated: false @@ -4012,10 +4007,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions before 4.6.0.2 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4028,12 +4023,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 1/25/2022 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Remote Execution Engine (DRONE) + product: Dell EMC Streaming Data Platform cves: cve-2021-4104: investigated: false @@ -4041,11 +4036,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4058,12 +4052,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/18/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Security Advisory Update - DSA-2021-088 + product: Dell EMC Systems Update (DSU) cves: cve-2021-4104: investigated: false @@ -4093,7 +4087,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Security Management Server & Dell Security Management Server Virtual* + product: Dell EMC Unisphere 360 cves: cve-2021-4104: investigated: false @@ -4123,7 +4117,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell SupportAssist SOS + product: Dell EMC Unity cves: cve-2021-4104: investigated: false @@ -4131,11 +4125,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4148,12 +4141,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/29/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Thin OS + product: Dell EMC Virtual Storage Integrator cves: cve-2021-4104: investigated: false @@ -4183,7 +4176,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Threat Defense + product: Dell EMC VPLEX cves: cve-2021-4104: investigated: false @@ -4213,7 +4206,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell True Color + product: Dell EMC VxRail cves: cve-2021-4104: investigated: false @@ -4222,10 +4215,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"4.5.x 4.7.x 7.0.x"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4238,12 +4231,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Trusted Device + product: Dell EMC XtremIO cves: cve-2021-4104: investigated: false @@ -4273,7 +4266,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Update + product: Dell Encryption Enterprise* cves: cve-2021-4104: investigated: false @@ -4303,7 +4296,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dream Catcher + product: Dell Encryption Personal* cves: cve-2021-4104: investigated: false @@ -4333,7 +4326,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DUP Creation Service + product: Dell Endpoint Security Suite Enterprise* cves: cve-2021-4104: investigated: false @@ -4363,7 +4356,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DUP Framework (ISG) + product: Dell Hybrid Client cves: cve-2021-4104: investigated: false @@ -4393,7 +4386,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Embedded NAS + product: Dell ImageAssist cves: cve-2021-4104: investigated: false @@ -4423,7 +4416,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Embedded Service Enabler + product: Dell Insights Client cves: cve-2021-4104: investigated: false @@ -4453,7 +4446,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Equallogic PS + product: Dell Linux Assistant cves: cve-2021-4104: investigated: false @@ -4483,7 +4476,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Fluid FS + product: Dell Mobile Connect cves: cve-2021-4104: investigated: false @@ -4513,7 +4506,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: iDRAC Service Module (iSM) + product: Dell Monitor ISP (Windows/Mac/Linux) cves: cve-2021-4104: investigated: false @@ -4543,7 +4536,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Infinity MLK (firmware) + product: Dell Monitor SDK cves: cve-2021-4104: investigated: false @@ -4573,7 +4566,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Integrated Dell Remote Access Controller (iDRAC) + product: Dell Networking X-Series cves: cve-2021-4104: investigated: false @@ -4603,7 +4596,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ISG Accelerators + product: Dell Open Manage Mobile cves: cve-2021-4104: investigated: false @@ -4633,7 +4626,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ISG Board & Electrical + product: Dell Open Manage Server Administrator cves: cve-2021-4104: investigated: false @@ -4663,7 +4656,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: IsilonSD Management Server + product: Dell Open Management Enterprise - Modular cves: cve-2021-4104: investigated: false @@ -4672,10 +4665,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <1.40.10 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4688,12 +4681,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-268 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: IVE-WinDiag + product: Dell OpenManage Change Management cves: cve-2021-4104: investigated: false @@ -4723,7 +4716,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Mainframe Enablers + product: Dell OpenManage Enterprise Power Manager Plugin cves: cve-2021-4104: investigated: false @@ -4753,7 +4746,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: My Dell + product: Dell Optimizer cves: cve-2021-4104: investigated: false @@ -4783,7 +4776,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: MyDell Mobile + product: Dell OS Recovery Tool cves: cve-2021-4104: investigated: false @@ -4813,7 +4806,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: NetWorker Management Console + product: Dell Peripheral Manager 1.4 / 1.5 for Windows cves: cve-2021-4104: investigated: false @@ -4843,7 +4836,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking BIOS + product: Dell Platform Service cves: cve-2021-4104: investigated: false @@ -4873,7 +4866,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking DIAG + product: Dell Power Manager cves: cve-2021-4104: investigated: false @@ -4903,7 +4896,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking N-Series + product: Dell Power Manager Lite cves: cve-2021-4104: investigated: false @@ -4933,7 +4926,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking OS 10 + product: Dell Precision Optimizer cves: cve-2021-4104: investigated: false @@ -4963,7 +4956,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking OS9 + product: Dell Precision Optimizer for Linux cves: cve-2021-4104: investigated: false @@ -4993,7 +4986,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking SD-WAN Edge SD-WAN + product: Dell Premier Color cves: cve-2021-4104: investigated: false @@ -5023,7 +5016,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking W-Series + product: Dell Recovery (Linux) cves: cve-2021-4104: investigated: false @@ -5053,7 +5046,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking X-Series + product: Dell Remediation Platform cves: cve-2021-4104: investigated: false @@ -5083,7 +5076,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OMIMSSC (OpenManage Integration for Microsoft System Center) + product: Dell Remote Execution Engine (DRONE) cves: cve-2021-4104: investigated: false @@ -5113,7 +5106,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OMNIA + product: Dell Security Advisory Update - DSA-2021-088 cves: cve-2021-4104: investigated: false @@ -5143,7 +5136,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Connections - Nagios + product: Dell Security Management Server & Dell Security Management Server Virtual* cves: cve-2021-4104: investigated: false @@ -5173,7 +5166,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Connections - ServiceNow + product: Dell SupportAssist SOS cves: cve-2021-4104: investigated: false @@ -5203,8 +5196,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Integration for Microsoft System Center for System Center - Operations Manager + product: Dell Thin OS cves: cve-2021-4104: investigated: false @@ -5234,7 +5226,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Integration with Microsoft Windows Admin Center + product: Dell Threat Defense cves: cve-2021-4104: investigated: false @@ -5264,7 +5256,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Network Integration + product: Dell True Color cves: cve-2021-4104: investigated: false @@ -5294,7 +5286,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect N3200 + product: Dell Trusted Device cves: cve-2021-4104: investigated: false @@ -5324,7 +5316,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect PC2800 + product: Dell Update cves: cve-2021-4104: investigated: false @@ -5354,7 +5346,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect PC8100 + product: DellEMC OpenManage Enterprise Services cves: cve-2021-4104: investigated: false @@ -5362,11 +5354,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5379,12 +5370,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerEdge BIOS + product: Dream Catcher cves: cve-2021-4104: investigated: false @@ -5414,7 +5405,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerEdge Operating Systems + product: DUP Creation Service cves: cve-2021-4104: investigated: false @@ -5444,7 +5435,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerTools Agent + product: DUP Framework (ISG) cves: cve-2021-4104: investigated: false @@ -5474,7 +5465,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PPDM Kubernetes cProxy + product: Embedded NAS cves: cve-2021-4104: investigated: false @@ -5504,7 +5495,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PPDM VMware vProxy + product: Embedded Service Enabler cves: cve-2021-4104: investigated: false @@ -5534,7 +5525,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Redtail + product: Enterprise Hybrid Cloud cves: cve-2021-4104: investigated: false @@ -5542,11 +5533,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5559,12 +5549,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: '[link](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Remotely Anywhere + product: Equallogic PS cves: cve-2021-4104: investigated: false @@ -5594,7 +5584,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Riptide (firmware) + product: Fluid FS cves: cve-2021-4104: investigated: false @@ -5624,7 +5614,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Rugged Control Center (RCC) + product: iDRAC Service Module (iSM) cves: cve-2021-4104: investigated: false @@ -5654,7 +5644,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SD ROM Utility + product: Infinity MLK (firmware) cves: cve-2021-4104: investigated: false @@ -5684,7 +5674,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SDNAS + product: Integrated Dell Remote Access Controller (iDRAC) cves: cve-2021-4104: investigated: false @@ -5714,7 +5704,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Server Storage + product: ISG Accelerators cves: cve-2021-4104: investigated: false @@ -5744,7 +5734,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Smart Fabric Storage Software + product: ISG Board & Electrical cves: cve-2021-4104: investigated: false @@ -5774,7 +5764,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SmartByte + product: IsilonSD Management Server cves: cve-2021-4104: investigated: false @@ -5804,7 +5794,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SMI-S + product: IVE-WinDiag cves: cve-2021-4104: investigated: false @@ -5834,7 +5824,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Software RAID + product: Mainframe Enablers cves: cve-2021-4104: investigated: false @@ -5864,7 +5854,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Solutions Enabler + product: My Dell cves: cve-2021-4104: investigated: false @@ -5894,7 +5884,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Solutions Enabler vApp + product: MyDell Mobile cves: cve-2021-4104: investigated: false @@ -5924,7 +5914,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Sonic + product: NetWorker Management Console cves: cve-2021-4104: investigated: false @@ -5954,7 +5944,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SRS VE + product: Networking BIOS cves: cve-2021-4104: investigated: false @@ -5984,7 +5974,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Storage Center OS and additional SC applications unless otherwise noted + product: Networking DIAG cves: cve-2021-4104: investigated: false @@ -6014,7 +6004,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SupportAssist Client Commercial + product: Networking N-Series cves: cve-2021-4104: investigated: false @@ -6044,7 +6034,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SupportAssist Client Consumer + product: Networking OS 10 cves: cve-2021-4104: investigated: false @@ -6074,7 +6064,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: UCC Edge + product: Networking OS9 cves: cve-2021-4104: investigated: false @@ -6104,7 +6094,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for PowerMax + product: Networking SD-WAN Edge SD-WAN cves: cve-2021-4104: investigated: false @@ -6134,7 +6124,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for PowerMax vApp + product: Networking W-Series cves: cve-2021-4104: investigated: false @@ -6164,7 +6154,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for VMAX + product: Networking X-Series cves: cve-2021-4104: investigated: false @@ -6194,7 +6184,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for VNX + product: OMIMSSC (OpenManage Integration for Microsoft System Center) cves: cve-2021-4104: investigated: false @@ -6224,7 +6214,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Update Manager Plugin + product: OMNIA cves: cve-2021-4104: investigated: false @@ -6254,7 +6244,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ViPR Controller + product: OpenManage Connections - Nagios cves: cve-2021-4104: investigated: false @@ -6284,7 +6274,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNX1 + product: OpenManage Connections - ServiceNow cves: cve-2021-4104: investigated: false @@ -6314,7 +6304,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNX2 + product: OpenManage Enterprise cves: cve-2021-4104: investigated: false @@ -6322,11 +6312,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -6339,12 +6328,13 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VPLEX VS2/VS6 / VPLEX Witness + product: OpenManage Integration for Microsoft System Center for System Center + Operations Manager cves: cve-2021-4104: investigated: false @@ -6374,7 +6364,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Vsan Ready Nodes + product: OpenManage Integration with Microsoft Windows Admin Center cves: cve-2021-4104: investigated: false @@ -6404,7 +6394,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Warnado MLK (firmware) + product: OpenManage Network Integration cves: cve-2021-4104: investigated: false @@ -6434,7 +6424,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Wyse Proprietary OS (ThinOS) + product: PowerConnect N3200 cves: cve-2021-4104: investigated: false @@ -6464,7 +6454,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Wyse Windows Embedded Suite + product: PowerConnect PC2800 cves: cve-2021-4104: investigated: false @@ -6494,7 +6484,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: APEX Console + product: PowerConnect PC8100 cves: cve-2021-4104: investigated: false @@ -6504,9 +6494,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - N/A - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -6519,12 +6509,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: APEX Data Storage Services + product: PowerEdge BIOS cves: cve-2021-4104: investigated: false @@ -6532,10 +6522,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6548,12 +6539,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patch in progress + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Cloud IQ + product: PowerEdge Operating Systems cves: cve-2021-4104: investigated: false @@ -6561,10 +6552,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6577,12 +6569,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connectrix (Cisco MDS DCNM) + product: PowerTools Agent cves: cve-2021-4104: investigated: false @@ -6590,10 +6582,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6606,12 +6599,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connectrix B-Series SANnav + product: PPDM Kubernetes cProxy cves: cve-2021-4104: investigated: false @@ -6620,10 +6613,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.1.1 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6636,12 +6629,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 3/31/2022 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Data Domain OS + product: PPDM VMware vProxy cves: cve-2021-4104: investigated: false @@ -6650,10 +6643,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions between 7.3.0.5 and 7.7.0.6;Versions before 7.6.0.30 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6666,12 +6659,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-274 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Avamar + product: Redtail cves: cve-2021-4104: investigated: false @@ -6680,10 +6673,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"18.2 19.1 19.2 19.3 19.4"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6696,12 +6689,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC BSN Controller Node + product: Remotely Anywhere cves: cve-2021-4104: investigated: false @@ -6709,10 +6702,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6725,12 +6719,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-305 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Cloud Disaster Recovery + product: Riptide (firmware) cves: cve-2021-4104: investigated: false @@ -6739,39 +6733,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - N/A - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Data Protection Central - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6784,12 +6749,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021- 269 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Data Protection Search + product: Rugged Control Center (RCC) cves: cve-2021-4104: investigated: false @@ -6798,10 +6763,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions before 19.5.0.7 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6814,12 +6779,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-279 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC ECS + product: SD ROM Utility cves: cve-2021-4104: investigated: false @@ -6827,10 +6792,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6843,12 +6809,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Enterprise Hybrid Cloud + product: SDNAS cves: cve-2021-4104: investigated: false @@ -6856,10 +6822,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6872,12 +6839,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '[link](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Enterprise Storage Analytics for vRealize Operations + product: Secure Connect Gateway (SCG) Appliance cves: cve-2021-4104: investigated: false @@ -6887,7 +6854,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"<6.0.0 6.1.0 6.2.x"' + - '"5.00.00 5.00.05 and 4.0.06 and earlier versions (OVF and VHD)"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6902,12 +6869,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-278 + notes: See DSA-2021-282 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Integrated System for Azure Stack HCI + product: Secure Connect Gateway (SCG) Policy Manager cves: cve-2021-4104: investigated: false @@ -6917,7 +6884,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - N/A + - '"5.00.00.10 5.00.05.10"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6932,16 +6899,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Dell EMC Integrated System for Azure Stack HCI is not impacted by this - advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect - Gateway (SCG) were optionally installed with Dell EMC Integrated System for - Azure Stack HCI monitor the following advisories. Apply workaround guidance - and remediations as they become [available:](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + notes: See DSA-2021-281 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Integrated System for Microsoft Azure Stack Hub + product: Server Storage cves: cve-2021-4104: investigated: false @@ -6950,10 +6913,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - N/A + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6966,12 +6929,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC NetWorker Virtual Edition + product: Smart Fabric Storage Software cves: cve-2021-4104: investigated: false @@ -6980,10 +6943,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6996,12 +6959,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC NetWorker Server + product: SmartByte cves: cve-2021-4104: investigated: false @@ -7010,10 +6973,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7026,12 +6989,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Networking Virtual Edge Platform with VersaOS + product: SMI-S cves: cve-2021-4104: investigated: false @@ -7040,10 +7003,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"with Versa Concerto with Versa Analytics with Versa Concero Director"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7056,12 +7019,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-304 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerFlex Appliance + product: Software RAID cves: cve-2021-4104: investigated: false @@ -7070,11 +7033,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"All versions up to Intelligent Catalog 38_356_00_r10.zip All versions - up to Intelligent Catalog 38_362_00_r7.zip"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7087,12 +7049,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerFlex Software (SDS) + product: Solutions Enabler cves: cve-2021-4104: investigated: false @@ -7101,10 +7063,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"3.5 3.5.1 3.5.1.1 3.5.1.2 3.5.1.3 3.5.1.4 3.6 3.6.0.1 3.6.0.2"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7117,12 +7079,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerFlex Rack + product: Solutions Enabler vApp cves: cve-2021-4104: investigated: false @@ -7131,10 +7093,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - N/A + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7147,12 +7109,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect Data Manager + product: Sonic cves: cve-2021-4104: investigated: false @@ -7161,10 +7123,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All versions 19.9 and earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7177,12 +7139,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect DP Series Appliance (iDPA) + product: SRS Policy Manager cves: cve-2021-4104: investigated: false @@ -7192,7 +7154,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2.7.0 and earlier + - '7' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7212,7 +7174,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerStore + product: SRS VE cves: cve-2021-4104: investigated: false @@ -7220,10 +7182,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7236,12 +7199,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC RecoverPoint for Virtual Machine + product: Storage Center - Dell Storage Manager cves: cve-2021-4104: investigated: false @@ -7249,9 +7212,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All 5.0.x and later versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7271,7 +7233,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC RecoverPoint Classic + product: Storage Center OS and additional SC applications unless otherwise noted cves: cve-2021-4104: investigated: false @@ -7280,10 +7242,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All 5.1.x and later versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7296,12 +7258,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC SRM vApp + product: SupportAssist Client Commercial cves: cve-2021-4104: investigated: false @@ -7310,10 +7272,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions before 4.6.0.2 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7326,12 +7288,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/25/2022 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Streaming Data Platform + product: SupportAssist Client Consumer cves: cve-2021-4104: investigated: false @@ -7339,10 +7301,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7355,12 +7318,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Unity + product: SupportAssist Enterprise cves: cve-2021-4104: investigated: false @@ -7384,12 +7347,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/29/21 + notes: Patch expected by 12/23/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Metro Node + product: UCC Edge cves: cve-2021-4104: investigated: false @@ -7398,10 +7361,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 7.0.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7414,12 +7377,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-308 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC VxRail + product: Unisphere Central cves: cve-2021-4104: investigated: false @@ -7427,9 +7390,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '"4.5.x 4.7.x 7.0.x"' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7444,12 +7406,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: Patch expected by 1/10/2022 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Management Enterprise - Modular + product: Unisphere for PowerMax cves: cve-2021-4104: investigated: false @@ -7458,10 +7420,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <1.40.10 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7474,12 +7436,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-268 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DellEMC OpenManage Enterprise Services + product: Unisphere for PowerMax vApp cves: cve-2021-4104: investigated: false @@ -7487,10 +7449,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7503,12 +7466,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Enterprise + product: Unisphere for VMAX cves: cve-2021-4104: investigated: false @@ -7516,10 +7479,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7532,12 +7496,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus SmartZone 300 Controller + product: Unisphere for VNX cves: cve-2021-4104: investigated: false @@ -7545,10 +7509,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7561,12 +7526,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus SmartZone 100 Controller + product: Update Manager Plugin cves: cve-2021-4104: investigated: false @@ -7574,10 +7539,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7590,12 +7556,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus Virtual Software + product: Vblock cves: cve-2021-4104: investigated: false @@ -7619,12 +7585,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: Patch pending See vce6771 (requires customer login) references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Secure Connect Gateway (SCG) Appliance + product: ViPR Controller cves: cve-2021-4104: investigated: false @@ -7633,10 +7599,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"5.00.00 5.00.05 and 4.0.06 and earlier versions (OVF and VHD)"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7649,12 +7615,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-282 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Secure Connect Gateway (SCG) Policy Manager + product: VMware vRealize Automation 8.x cves: cve-2021-4104: investigated: false @@ -7664,7 +7630,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"5.00.00.10 5.00.05.10"' + - '"8.2 8.3 8.4 8.5 and 8.6"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7679,12 +7645,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-281 + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SRS Policy Manager + product: VMware vRealize Orchestrator 8.x cves: cve-2021-4104: investigated: false @@ -7694,7 +7660,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '7' + - '"8.2 8.3 8.4 8.5 and 8.6"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7709,12 +7675,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Storage Center - Dell Storage Manager + product: VNX1 cves: cve-2021-4104: investigated: false @@ -7722,10 +7688,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7738,12 +7705,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SupportAssist Enterprise + product: VNX2 cves: cve-2021-4104: investigated: false @@ -7751,10 +7718,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7767,12 +7735,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere Central + product: VNXe 1600 cves: cve-2021-4104: investigated: false @@ -7780,8 +7748,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Versions 3.1.16.10220572 and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7796,12 +7765,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/10/2022 + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Vblock + product: VNXe 3200 cves: cve-2021-4104: investigated: false @@ -7809,8 +7778,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Version 3.1.15.10216415 and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7825,12 +7795,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending See vce6771 (requires customer login) + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNXe 1600 + product: VPLEX VS2/VS6 / VPLEX Witness cves: cve-2021-4104: investigated: false @@ -7839,10 +7809,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions 3.1.16.10220572 and earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7855,12 +7825,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNXe 3200 + product: vRealize Data Protection Extension Data Management cves: cve-2021-4104: investigated: false @@ -7868,9 +7838,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Version 3.1.15.10216415 and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7890,7 +7859,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VxBlock + product: vRealize Data Protection Extension for vRealize Automation (vRA) 8.x cves: cve-2021-4104: investigated: false @@ -7898,8 +7867,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '"version 19.6 version 19.7 version 19.8 and version 19.9"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7914,7 +7884,7 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Patch pending See vce6771 (requires customer login) "' + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' @@ -8099,7 +8069,37 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRealize Data Protection Extension Data Management + product: Vsan Ready Nodes + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - N/A + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VxBlock cves: cve-2021-4104: investigated: false @@ -8123,12 +8123,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '"Patch pending See vce6771 (requires customer login) "' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRealize Data Protection Extension for vRealize Automation (vRA) 8.x + product: Warnado MLK (firmware) cves: cve-2021-4104: investigated: false @@ -8137,10 +8137,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"version 19.6 version 19.7 version 19.8 and version 19.9"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -8153,12 +8153,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VMware vRealize Automation 8.x + product: Wyse Management Suite cves: cve-2021-4104: investigated: false @@ -8168,7 +8168,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + - <3.5 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8183,12 +8183,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: See DSA-2021-267 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VMware vRealize Orchestrator 8.x + product: Wyse Proprietary OS (ThinOS) cves: cve-2021-4104: investigated: false @@ -8197,10 +8197,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -8213,12 +8213,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Wyse Management Suite + product: Wyse Windows Embedded Suite cves: cve-2021-4104: investigated: false @@ -8227,10 +8227,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <3.5 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -8243,7 +8243,7 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-267 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' @@ -8305,7 +8305,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Device42 product: '' cves: @@ -8334,7 +8334,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Devolutions product: All products cves: @@ -8363,7 +8363,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Diebold Nixdorf product: '' cves: @@ -8392,9 +8392,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Digi International - product: CTEK G6200 family + product: AnywhereUSB Manager cves: cve-2021-4104: investigated: false @@ -8423,7 +8423,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: CTEK SkyCloud + product: ARMT cves: cve-2021-4104: investigated: false @@ -8452,7 +8452,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: CTEK Z45 family + product: Aview cves: cve-2021-4104: investigated: false @@ -8481,7 +8481,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi 54xx family + product: AVWOB cves: cve-2021-4104: investigated: false @@ -8510,7 +8510,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi 63xx family + product: CTEK G6200 family cves: cve-2021-4104: investigated: false @@ -8539,7 +8539,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi AnywhereUSB (G2) family + product: CTEK SkyCloud cves: cve-2021-4104: investigated: false @@ -8568,7 +8568,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi AnywhereUSB Plus family + product: CTEK Z45 family cves: cve-2021-4104: investigated: false @@ -8597,7 +8597,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect family + product: Digi 54xx family cves: cve-2021-4104: investigated: false @@ -8626,7 +8626,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect EZ family + product: Digi 63xx family cves: cve-2021-4104: investigated: false @@ -8655,7 +8655,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect IT family + product: Digi AnywhereUSB (G2) family cves: cve-2021-4104: investigated: false @@ -8684,7 +8684,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi ConnectPort family + product: Digi AnywhereUSB Plus family cves: cve-2021-4104: investigated: false @@ -8713,7 +8713,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi ConnectPort LTS family + product: Digi Connect EZ family cves: cve-2021-4104: investigated: false @@ -8742,7 +8742,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect Sensor family + product: Digi Connect family cves: cve-2021-4104: investigated: false @@ -8771,7 +8771,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect WS family + product: Digi Connect IT family cves: cve-2021-4104: investigated: false @@ -8800,7 +8800,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Embedded Android + product: Digi Connect Sensor family cves: cve-2021-4104: investigated: false @@ -8829,7 +8829,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Embedded Yocto + product: Digi Connect WS family cves: cve-2021-4104: investigated: false @@ -8858,7 +8858,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi EX routers + product: Digi ConnectPort family cves: cve-2021-4104: investigated: false @@ -8887,7 +8887,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi IX routers + product: Digi ConnectPort LTS family cves: cve-2021-4104: investigated: false @@ -8916,7 +8916,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi LR54 + product: Digi Embedded Android cves: cve-2021-4104: investigated: false @@ -8945,7 +8945,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi One family + product: Digi Embedded Yocto cves: cve-2021-4104: investigated: false @@ -8974,7 +8974,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Passport family + product: Digi EX routers cves: cve-2021-4104: investigated: false @@ -9003,7 +9003,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi PortServer TS family + product: Digi IX routers cves: cve-2021-4104: investigated: false @@ -9032,7 +9032,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi TX routers + product: Digi LR54 cves: cve-2021-4104: investigated: false @@ -9061,7 +9061,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR11 + product: Digi Navigator cves: cve-2021-4104: investigated: false @@ -9090,7 +9090,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR21 + product: Digi One family cves: cve-2021-4104: investigated: false @@ -9119,7 +9119,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR31 + product: Digi Passport family cves: cve-2021-4104: investigated: false @@ -9148,7 +9148,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR44R/RR + product: Digi PortServer TS family cves: cve-2021-4104: investigated: false @@ -9177,7 +9177,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR54 + product: Digi Remote Manager cves: cve-2021-4104: investigated: false @@ -9206,7 +9206,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR64 + product: Digi TX routers cves: cve-2021-4104: investigated: false @@ -9235,7 +9235,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: AnywhereUSB Manager + product: Digi WR11 cves: cve-2021-4104: investigated: false @@ -9264,7 +9264,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Aview + product: Digi WR21 cves: cve-2021-4104: investigated: false @@ -9293,7 +9293,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: ARMT + product: Digi WR31 cves: cve-2021-4104: investigated: false @@ -9322,7 +9322,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: AVWOB + product: Digi WR44R/RR cves: cve-2021-4104: investigated: false @@ -9351,7 +9351,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Navigator + product: Digi WR54 cves: cve-2021-4104: investigated: false @@ -9380,7 +9380,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Remote Manager + product: Digi WR64 cves: cve-2021-4104: investigated: false @@ -9552,7 +9552,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Digital AI product: '' cves: @@ -9581,7 +9581,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Digital Alert Systems product: All cves: @@ -9639,7 +9639,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Docker product: '' cves: @@ -9668,7 +9668,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Docusign product: '' cves: @@ -9697,7 +9697,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: DrayTek product: Vigor Routers, Access Points, Switches, VigorACS Central Management Software, MyVigor Platform @@ -9756,9 +9756,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dynatrace - product: Managed cluster nodes + product: ActiveGate cves: cve-2021-4104: investigated: false @@ -9782,12 +9782,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: Please see Dynatrace Communication for details + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: SAAS + product: Dynatrace Extensions cves: cve-2021-4104: investigated: false @@ -9811,7 +9811,7 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: '' + notes: Please see Dynatrace Communication for details references: - '' last_updated: '2021-12-21T00:00:00' @@ -9845,7 +9845,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: Synthetic public locations + product: Managed cluster nodes cves: cve-2021-4104: investigated: false @@ -9869,12 +9869,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: '' + notes: Please see Dynatrace Communication for details references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: Synthetic Private ActiveGate + product: OneAgent cves: cve-2021-4104: investigated: false @@ -9898,12 +9898,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: Please see Dynatrace Communication for details + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: ActiveGate + product: SAAS cves: cve-2021-4104: investigated: false @@ -9932,7 +9932,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: OneAgent + product: Synthetic Private ActiveGate cves: cve-2021-4104: investigated: false @@ -9956,12 +9956,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: '' + notes: Please see Dynatrace Communication for details references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: Dynatrace Extensions + product: Synthetic public locations cves: cve-2021-4104: investigated: false @@ -9985,7 +9985,7 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: Please see Dynatrace Communication for details + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' diff --git a/data/cisagov_E.yml b/data/cisagov_E.yml index abf2a20..1578987 100644 --- a/data/cisagov_E.yml +++ b/data/cisagov_E.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Eaton product: Undisclosed cves: @@ -64,7 +64,7 @@ software: wall. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: EclecticIQ product: '' cves: @@ -93,7 +93,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Eclipse Foundation product: '' cves: @@ -122,7 +122,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Edwards product: '' cves: @@ -180,7 +180,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: EGroupware product: '' cves: @@ -209,7 +209,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Elastic product: APM Java Agent cves: @@ -356,7 +356,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Cloud Enterprise + product: Elastic Cloud cves: cve-2021-4104: investigated: false @@ -414,7 +414,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Cloud on Kubernetes + product: Elastic Cloud Enterprise cves: cve-2021-4104: investigated: false @@ -443,7 +443,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Cloud + product: Elastic Cloud on Kubernetes cves: cve-2021-4104: investigated: false @@ -793,9 +793,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ellucian - product: Banner Analytics + product: Admin cves: cve-2021-4104: investigated: false @@ -824,7 +824,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Colleague + product: Banner Analytics cves: cve-2021-4104: investigated: false @@ -848,12 +848,12 @@ software: unaffected_versions: [] vendor_links: - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: On-prem and cloud deployements expect fixed 12/18/2021 + notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Admin + product: Banner Document Management (includes Banner Document Retention) cves: cve-2021-4104: investigated: false @@ -882,7 +882,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Enterprise Identity Services(BEIS) + product: Banner Event Publisher cves: cve-2021-4104: investigated: false @@ -969,7 +969,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Banner Workflow + product: Banner Self Service cves: cve-2021-4104: investigated: false @@ -998,7 +998,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Banner Document Management (includes Banner Document Retention) + product: Banner Workflow cves: cve-2021-4104: investigated: false @@ -1027,7 +1027,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Advance Web Connector + product: Colleague cves: cve-2021-4104: investigated: false @@ -1051,12 +1051,12 @@ software: unaffected_versions: [] vendor_links: - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: '' + notes: On-prem and cloud deployements expect fixed 12/18/2021 references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian eTranscripts + product: Colleague Analytics cves: cve-2021-4104: investigated: false @@ -1085,7 +1085,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Mobile + product: CRM Advance cves: cve-2021-4104: investigated: false @@ -1114,7 +1114,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Solution Manager + product: CRM Advise cves: cve-2021-4104: investigated: false @@ -1143,7 +1143,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Banner Event Publisher + product: CRM Recruit cves: cve-2021-4104: investigated: false @@ -1172,7 +1172,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Banner Self Service + product: Ellucian Advance Web Connector cves: cve-2021-4104: investigated: false @@ -1201,7 +1201,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Colleague Analytics + product: Ellucian Data Access cves: cve-2021-4104: investigated: false @@ -1230,7 +1230,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: CRM Advance + product: Ellucian Design Path cves: cve-2021-4104: investigated: false @@ -1259,7 +1259,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: CRM Advise + product: Ellucian Ellucian Portal cves: cve-2021-4104: investigated: false @@ -1288,7 +1288,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: CRM Recruit + product: Ellucian ePrint cves: cve-2021-4104: investigated: false @@ -1317,7 +1317,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Data Access + product: Ellucian Ethos API & API Management Center cves: cve-2021-4104: investigated: false @@ -1346,7 +1346,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Design Path + product: Ellucian Ethos Extend cves: cve-2021-4104: investigated: false @@ -1375,7 +1375,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian ePrint + product: Ellucian Ethos Integration cves: cve-2021-4104: investigated: false @@ -1404,7 +1404,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ethos API & API Management Center + product: Ellucian eTranscripts cves: cve-2021-4104: investigated: false @@ -1433,7 +1433,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ethos Extend + product: Ellucian Experience cves: cve-2021-4104: investigated: false @@ -1462,7 +1462,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ethos Integration + product: Ellucian Intelligent Platform (ILP) cves: cve-2021-4104: investigated: false @@ -1491,7 +1491,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Experience + product: Ellucian International Student and Scholar Management (ISSM) cves: cve-2021-4104: investigated: false @@ -1520,7 +1520,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Intelligent Platform (ILP) + product: Ellucian Message Service (EMS) cves: cve-2021-4104: investigated: false @@ -1549,7 +1549,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian International Student and Scholar Management (ISSM) + product: Ellucian Messaging Adapter (EMA) cves: cve-2021-4104: investigated: false @@ -1578,7 +1578,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Message Service (EMS) + product: Ellucian Mobile cves: cve-2021-4104: investigated: false @@ -1607,7 +1607,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Messaging Adapter (EMA) + product: Ellucian Payment Gateway cves: cve-2021-4104: investigated: false @@ -1636,7 +1636,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Payment Gateway + product: Ellucian PowerCampus cves: cve-2021-4104: investigated: false @@ -1665,7 +1665,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ellucian Portal + product: Ellucian Solution Manager cves: cve-2021-4104: investigated: false @@ -1723,7 +1723,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian PowerCampus + product: Enterprise Identity Services(BEIS) cves: cve-2021-4104: investigated: false @@ -1752,7 +1752,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: K-Series Coriolis Transmitters + product: 148 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -1781,7 +1781,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Configuration Software + product: 2051 Pressure Transmitter Family cves: cve-2021-4104: investigated: false @@ -1810,7 +1810,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Mobile Application & ProcessViz Software + product: 2088 Pressure Transmitter Family cves: cve-2021-4104: investigated: false @@ -1839,7 +1839,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4732 Endeavor + product: 2090F/2090P Pressure Transmitters cves: cve-2021-4104: investigated: false @@ -1868,7 +1868,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Vortex and Magmeter Transmitters + product: 215 Pressure Sensor Module cves: cve-2021-4104: investigated: false @@ -1897,7 +1897,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: USM 3410 and 3810 Series Ultrasonic Transmitters + product: 248 Configuration Application cves: cve-2021-4104: investigated: false @@ -1926,7 +1926,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Mark III Gas and Liquid USM + product: 248 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -1955,7 +1955,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Flarecheck FlowCheck Flowel & PWAM software + product: 3051 & 3051S Pressure transmitter families cves: cve-2021-4104: investigated: false @@ -1984,7 +1984,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: MPFM2600 & MPFM5726 + product: 3144P Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -2013,7 +2013,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: DHNC1 DHNC2 + product: 326P Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -2042,7 +2042,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: WCM SWGM + product: 326T Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -2071,7 +2071,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Fieldwatch and Service consoles + product: 327T Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -2100,7 +2100,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 5726 Transmitter + product: 4088 Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -2129,7 +2129,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Plantweb Advisor for Metrology and Metering Suite SDK + product: 4088 Upgrade Utility cves: cve-2021-4104: investigated: false @@ -2158,7 +2158,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' + product: 4600 Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -2187,7 +2187,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' + product: 4732 Endeavor cves: cve-2021-4104: investigated: false @@ -2216,9 +2216,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless - Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle - Monitor' + product: 4732 Endeavor cves: cve-2021-4104: investigated: false @@ -2247,7 +2245,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: K-Series Coriolis Transmitters + product: 550 PT Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -2276,7 +2274,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Configuration Software + product: 5726 Transmitter cves: cve-2021-4104: investigated: false @@ -2305,7 +2303,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Mobile Application & ProcessViz Software + product: 5726 Transmitter cves: cve-2021-4104: investigated: false @@ -2334,7 +2332,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4732 Endeavor + product: 644 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -2363,7 +2361,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Vortex and Magmeter Transmitters + product: 648 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -2392,7 +2390,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: USM 3410 and 3810 Series Ultrasonic Transmitters + product: 848T Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -2421,7 +2419,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Mark III Gas and Liquid USM + product: 'Combustion: OCX OXT 6888 CX1100 6888Xi' cves: cve-2021-4104: investigated: false @@ -2450,7 +2448,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Flarecheck FlowCheck Flowel & PWAM software + product: CT2211 QCL Aerosol Microleak Detection System cves: cve-2021-4104: investigated: false @@ -2479,7 +2477,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: MPFM2600 & MPFM5726 + product: CT3000 QCL Automotive OEM Gas Analyzer cves: cve-2021-4104: investigated: false @@ -2508,7 +2506,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: DHNC1 DHNC2 + product: CT4000 QCL Marine OEM Gas Analyzer cves: cve-2021-4104: investigated: false @@ -2537,7 +2535,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: WCM SWGM + product: CT4215 QCL Packaging Leak Detection System cves: cve-2021-4104: investigated: false @@ -2566,7 +2564,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Fieldwatch and Service consoles + product: CT4400 QCL General Purpose Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -2595,7 +2593,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 5726 Transmitter + product: CT4404 QCL pMDI Leak Detection Analyzer cves: cve-2021-4104: investigated: false @@ -2624,7 +2622,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Plantweb Advisor for Metrology and Metering Suite SDK + product: CT5100 QCL Field Housing Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -2653,7 +2651,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' + product: CT5400 QCL General Purpose Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -2682,7 +2680,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' + product: CT5800 QCL Flameproof Housing Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -2711,9 +2709,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless - Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle - Monitor' + product: DHNC1 DHNC2 cves: cve-2021-4104: investigated: false @@ -2742,7 +2738,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Incus Ultrasonic gas leak detector + product: DHNC1 DHNC2 cves: cve-2021-4104: investigated: false @@ -2771,8 +2767,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Flame Detection: 975UF & 975UR Infrared Flame Detectors 975HR Infrared - Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector' + product: Emerson Aperio software cves: cve-2021-4104: investigated: false @@ -2801,7 +2796,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Liquid Transmitters: 5081 1066 1056 1057 56' + product: Engineering Assistant 5.x & 6.x cves: cve-2021-4104: investigated: false @@ -2830,7 +2825,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Combustion: OCX OXT 6888 CX1100 6888Xi' + product: Fieldwatch and Service consoles cves: cve-2021-4104: investigated: false @@ -2859,7 +2854,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Spectrex family Flame Detectors and Rosemount 975 flame detector + product: Fieldwatch and Service consoles cves: cve-2021-4104: investigated: false @@ -2888,7 +2883,8 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4400 QCL General Purpose Continuous Gas Analyzer + product: 'Flame Detection: 975UF & 975UR Infrared Flame Detectors 975HR Infrared + Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector' cves: cve-2021-4104: investigated: false @@ -2917,7 +2913,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT5400 QCL General Purpose Continuous Gas Analyzer + product: Flarecheck FlowCheck Flowel & PWAM software cves: cve-2021-4104: investigated: false @@ -2946,7 +2942,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT5100 QCL Field Housing Continuous Gas Analyzer + product: Flarecheck FlowCheck Flowel & PWAM software cves: cve-2021-4104: investigated: false @@ -2975,7 +2971,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT5800 QCL Flameproof Housing Continuous Gas Analyzer + product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' cves: cve-2021-4104: investigated: false @@ -3004,7 +3000,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4215 QCL Packaging Leak Detection System + product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' cves: cve-2021-4104: investigated: false @@ -3033,7 +3029,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT2211 QCL Aerosol Microleak Detection System + product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' cves: cve-2021-4104: investigated: false @@ -3062,7 +3058,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4404 QCL pMDI Leak Detection Analyzer + product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' cves: cve-2021-4104: investigated: false @@ -3091,7 +3087,9 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4000 QCL Marine OEM Gas Analyzer + product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless + Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle + Monitor' cves: cve-2021-4104: investigated: false @@ -3120,7 +3118,9 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT3000 QCL Automotive OEM Gas Analyzer + product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless + Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle + Monitor' cves: cve-2021-4104: investigated: false @@ -3149,7 +3149,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 3051 & 3051S Pressure transmitter families + product: Incus Ultrasonic gas leak detector cves: cve-2021-4104: investigated: false @@ -3178,7 +3178,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 2051 Pressure Transmitter Family + product: K-Series Coriolis Transmitters cves: cve-2021-4104: investigated: false @@ -3207,7 +3207,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4088 Pressure Transmitter + product: K-Series Coriolis Transmitters cves: cve-2021-4104: investigated: false @@ -3236,7 +3236,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 2088 Pressure Transmitter Family + product: 'Liquid Transmitters: 5081 1066 1056 1057 56' cves: cve-2021-4104: investigated: false @@ -3265,7 +3265,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 2090F/2090P Pressure Transmitters + product: Mark III Gas and Liquid USM cves: cve-2021-4104: investigated: false @@ -3294,7 +3294,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4600 Pressure Transmitter + product: Mark III Gas and Liquid USM cves: cve-2021-4104: investigated: false @@ -3323,7 +3323,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 215 Pressure Sensor Module + product: MPFM2600 & MPFM5726 cves: cve-2021-4104: investigated: false @@ -3352,7 +3352,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 550 PT Pressure Transmitter + product: MPFM2600 & MPFM5726 cves: cve-2021-4104: investigated: false @@ -3381,7 +3381,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 326P Pressure Transmitter + product: Plantweb Advisor for Metrology and Metering Suite SDK cves: cve-2021-4104: investigated: false @@ -3410,7 +3410,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 3144P Temperature Transmitter + product: Plantweb Advisor for Metrology and Metering Suite SDK cves: cve-2021-4104: investigated: false @@ -3439,7 +3439,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 644 Temperature Transmitter + product: Prolink Configuration Software cves: cve-2021-4104: investigated: false @@ -3468,7 +3468,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 848T Temperature Transmitter + product: Prolink Configuration Software cves: cve-2021-4104: investigated: false @@ -3497,7 +3497,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 148 Temperature Transmitter + product: Prolink Mobile Application & ProcessViz Software cves: cve-2021-4104: investigated: false @@ -3526,7 +3526,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 248 Temperature Transmitter + product: Prolink Mobile Application & ProcessViz Software cves: cve-2021-4104: investigated: false @@ -3555,7 +3555,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 326T Temperature Transmitter + product: Rosemount 2230 Graphical Field Display cves: cve-2021-4104: investigated: false @@ -3584,7 +3584,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 327T Temperature Transmitter + product: Rosemount 2240S Multi-input Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -3613,7 +3613,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 648 Temperature Transmitter + product: Rosemount 2410 Tank Hub cves: cve-2021-4104: investigated: false @@ -3642,7 +3642,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4088 Upgrade Utility + product: Rosemount 2460 System Hub cves: cve-2021-4104: investigated: false @@ -3671,7 +3671,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Engineering Assistant 5.x & 6.x + product: Rosemount 3490 Controller cves: cve-2021-4104: investigated: false @@ -3700,7 +3700,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 248 Configuration Application + product: Rosemount CMS/IOU 61 cves: cve-2021-4104: investigated: false @@ -3729,7 +3729,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount IO-Link Assistant + product: Rosemount CMS/SCU 51/SCC cves: cve-2021-4104: investigated: false @@ -3758,7 +3758,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount TankMaster and TankMaster Mobile + product: Rosemount CMS/WSU 51/SWF 51 cves: cve-2021-4104: investigated: false @@ -3787,7 +3787,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount RadarMaster and RadarMaster Plus + product: Rosemount IO-Link Assistant cves: cve-2021-4104: investigated: false @@ -3816,7 +3816,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Radar Configuration Tool + product: Rosemount Level Detectors (21xx) cves: cve-2021-4104: investigated: false @@ -3845,7 +3845,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2460 System Hub + product: Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) cves: cve-2021-4104: investigated: false @@ -3874,7 +3874,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2410 Tank Hub + product: Rosemount Radar Configuration Tool cves: cve-2021-4104: investigated: false @@ -3903,7 +3903,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 3490 Controller + product: Rosemount Radar Level Gauges (Pro 39xx 59xx) cves: cve-2021-4104: investigated: false @@ -3932,7 +3932,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2230 Graphical Field Display + product: Rosemount RadarMaster and RadarMaster Plus cves: cve-2021-4104: investigated: false @@ -3961,7 +3961,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2240S Multi-input Temperature Transmitter + product: Rosemount Tank Radar Gauges (TGUxx) cves: cve-2021-4104: investigated: false @@ -3990,7 +3990,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount CMS/SCU 51/SCC + product: Rosemount TankMaster and TankMaster Mobile cves: cve-2021-4104: investigated: false @@ -4019,7 +4019,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount CMS/WSU 51/SWF 51 + product: Spectrex family Flame Detectors and Rosemount 975 flame detector cves: cve-2021-4104: investigated: false @@ -4048,7 +4048,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount CMS/IOU 61 + product: USM 3410 and 3810 Series Ultrasonic Transmitters cves: cve-2021-4104: investigated: false @@ -4077,7 +4077,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) + product: USM 3410 and 3810 Series Ultrasonic Transmitters cves: cve-2021-4104: investigated: false @@ -4106,7 +4106,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Radar Level Gauges (Pro 39xx 59xx) + product: Vortex and Magmeter Transmitters cves: cve-2021-4104: investigated: false @@ -4135,7 +4135,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Tank Radar Gauges (TGUxx) + product: Vortex and Magmeter Transmitters cves: cve-2021-4104: investigated: false @@ -4164,7 +4164,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Level Detectors (21xx) + product: WCM SWGM cves: cve-2021-4104: investigated: false @@ -4193,7 +4193,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Emerson Aperio software + product: WCM SWGM cves: cve-2021-4104: investigated: false @@ -4249,7 +4249,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ESET product: '' cves: @@ -4278,7 +4278,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ESRI product: ArcGIS Data Store cves: @@ -4493,7 +4493,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Evolveum Midpoint product: '' cves: @@ -4522,7 +4522,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ewon product: '' cves: @@ -4551,7 +4551,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Exabeam product: '' cves: @@ -4581,7 +4581,7 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Exact product: '' cves: @@ -4610,7 +4610,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Exivity product: '' cves: @@ -4639,7 +4639,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ExtraHop product: Reveal(x) cves: @@ -4700,7 +4700,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Extreme Networks product: '' cves: @@ -4729,7 +4729,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Extron product: '' cves: @@ -4758,5 +4758,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_F.yml b/data/cisagov_F.yml index 5abf36e..8598911 100644 --- a/data/cisagov_F.yml +++ b/data/cisagov_F.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F-Secure product: Endpoint Proxy cves: @@ -62,7 +62,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F-Secure product: Messaging Security Gateway cves: @@ -91,7 +91,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F-Secure product: Policy Manager cves: @@ -121,7 +121,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F-Secure product: Policy Manager Proxy cves: @@ -151,7 +151,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: BIG-IP (all modules) cves: @@ -181,7 +181,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: BIG-IQ Centralized Management cves: @@ -211,7 +211,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: F5OS cves: @@ -241,9 +241,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 - product: Traffix SDC + product: NGINX App Protect cves: cve-2021-4104: investigated: false @@ -252,11 +252,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 5.x (5.2.0 CF1 - - 5.1.0 CF-30 - 5.1.0 CF-33) + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.x cve-2021-45046: investigated: false affected_versions: [] @@ -269,13 +268,12 @@ software: unaffected_versions: [] vendor_links: - https://support.f5.com/csp/article/K19026212 - notes: 'Vulnerable components: EMS-ELK components (Fluentd + Elastic Search + - Kibana), Element Management System' + notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 - product: NGINX Plus + product: NGINX Controller cves: cve-2021-4104: investigated: false @@ -287,7 +285,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - R19 - R25 + - 3.x cve-2021-45046: investigated: false affected_versions: [] @@ -303,9 +301,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 - product: NGINX Open Source + product: NGINX Ingress Controller cves: cve-2021-4104: investigated: false @@ -317,7 +315,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.x + - 1.x - 2.x cve-2021-45046: investigated: false affected_versions: [] @@ -333,9 +331,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 - product: NGINX Unit + product: NGINX Instance Manager cves: cve-2021-4104: investigated: false @@ -363,9 +361,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 - product: NGINX App Protect + product: NGINX Open Source cves: cve-2021-4104: investigated: false @@ -377,7 +375,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.x + - 1.x cve-2021-45046: investigated: false affected_versions: [] @@ -393,9 +391,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 - product: NGINX Controller + product: NGINX Plus cves: cve-2021-4104: investigated: false @@ -407,7 +405,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.x + - R19 - R25 cve-2021-45046: investigated: false affected_versions: [] @@ -423,9 +421,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 - product: NGINX Ingress Controller + product: NGINX Service Mesh cves: cve-2021-4104: investigated: false @@ -437,7 +435,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.x - 2.x + - 1.x cve-2021-45046: investigated: false affected_versions: [] @@ -453,9 +451,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 - product: NGINX Instance Manager + product: NGINX Unit cves: cve-2021-4104: investigated: false @@ -483,9 +481,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 - product: NGINX Service Mesh + product: Traffix SDC cves: cve-2021-4104: investigated: false @@ -494,10 +492,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 5.x (5.2.0 CF1 + - 5.1.0 CF-30 - 5.1.0 CF-33) fixed_versions: [] - unaffected_versions: - - 1.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -510,10 +509,11 @@ software: unaffected_versions: [] vendor_links: - https://support.f5.com/csp/article/K19026212 - notes: '' + notes: 'Vulnerable components: EMS-ELK components (Fluentd + Elastic Search + + Kibana), Element Management System' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FAST LTA product: '' cves: @@ -542,7 +542,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fastly product: '' cves: @@ -571,7 +571,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FedEx product: Ship Manager Software cves: @@ -668,7 +668,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FileCatalyst product: '' cves: @@ -697,7 +697,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FileCloud product: '' cves: @@ -726,7 +726,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FileWave product: '' cves: @@ -755,7 +755,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FINVI product: '' cves: @@ -784,7 +784,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FireDaemon product: '' cves: @@ -813,7 +813,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fisher & Paykel Healthcare product: '' cves: @@ -871,7 +871,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Flexera product: '' cves: @@ -900,7 +900,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: DLP Manager cves: @@ -929,7 +929,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: Forcepoint Cloud Security Gateway (CSG) cves: @@ -958,7 +958,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: Next Generation Firewall (NGFW) cves: @@ -987,7 +987,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service and Sidewinder @@ -1017,7 +1017,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: One Endpoint cves: @@ -1046,7 +1046,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: Security Manager (Web, Email and DLP) cves: @@ -1075,7 +1075,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forescout product: '' cves: @@ -1104,7 +1104,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ForgeRock product: Autonomous Identity cves: @@ -1133,7 +1133,7 @@ software: notes: all other ForgeRock products Not vulnerable references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiAIOps cves: @@ -1162,7 +1162,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiAnalyzer cves: @@ -1191,7 +1191,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiAnalyzer Cloud cves: @@ -1220,7 +1220,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiAP cves: @@ -1249,7 +1249,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiAuthenticator cves: @@ -1278,7 +1278,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiCASB cves: @@ -1307,7 +1307,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiConvertor cves: @@ -1336,7 +1336,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiDeceptor cves: @@ -1365,7 +1365,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiEDR Agent cves: @@ -1394,7 +1394,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiEDR Cloud cves: @@ -1423,7 +1423,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiGate Cloud cves: @@ -1452,7 +1452,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiGSLB Cloud cves: @@ -1481,7 +1481,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiMail cves: @@ -1510,7 +1510,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiManager cves: @@ -1539,7 +1539,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiManager Cloud cves: @@ -1568,7 +1568,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiNAC cves: @@ -1597,7 +1597,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiNAC cves: @@ -1626,7 +1626,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiOS (includes FortiGate & FortiWiFi) cves: @@ -1655,7 +1655,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiPhish Cloud cves: @@ -1684,7 +1684,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiPolicy cves: @@ -1713,7 +1713,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiPortal cves: @@ -1742,7 +1742,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiRecorder cves: @@ -1771,7 +1771,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiSIEM cves: @@ -1800,7 +1800,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiSOAR cves: @@ -1829,7 +1829,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiSwicth Cloud in FortiLANCloud cves: @@ -1858,7 +1858,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiSwitch & FortiSwitchManager cves: @@ -1887,7 +1887,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiToken Cloud cves: @@ -1916,7 +1916,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiVoice cves: @@ -1945,7 +1945,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiWeb Cloud cves: @@ -1974,7 +1974,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: ShieldX cves: @@ -2003,7 +2003,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FTAPI product: '' cves: @@ -2032,7 +2032,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fujitsu product: '' cves: @@ -2061,7 +2061,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FusionAuth product: FusionAuth cves: @@ -2091,5 +2091,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index a4fcb96..88012b6 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -65,7 +65,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power - product: Baseline Security Center (BSC) + product: Asset Performance Management (APM) cves: cve-2021-4104: investigated: false @@ -89,13 +89,12 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details. + notes: GE verifying workaround. references: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power - product: Baseline Security Center (BSC) 2.0 + product: Baseline Security Center (BSC) cves: cve-2021-4104: investigated: false @@ -120,12 +119,12 @@ software: vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details + necessary. Contact GE for details. references: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power - product: Asset Performance Management (APM) + product: Baseline Security Center (BSC) 2.0 cves: cve-2021-4104: investigated: false @@ -149,7 +148,8 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: GE verifying workaround. + notes: Vulnerability to be fixed by vendor provided workaround. No user actions + necessary. Contact GE for details references: - '' last_updated: '2021-12-22T00:00:00' @@ -270,7 +270,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Genesys product: '' cves: @@ -299,7 +299,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GeoServer product: '' cves: @@ -328,7 +328,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gerrit code review product: '' cves: @@ -357,7 +357,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GFI product: '' cves: @@ -386,7 +386,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ghidra product: '' cves: @@ -415,7 +415,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gigamon product: Fabric Manager cves: @@ -505,7 +505,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Globus product: '' cves: @@ -534,9 +534,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GoAnywhere - product: MFT + product: Gateway cves: cve-2021-4104: investigated: false @@ -546,7 +546,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 6.8.6 + - < 2.8.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -566,7 +566,7 @@ software: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoAnywhere - product: Gateway + product: MFT cves: cve-2021-4104: investigated: false @@ -576,7 +576,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 2.8.4 + - < 6.8.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -679,12 +679,13 @@ software: unaffected_versions: [] vendor_links: - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html - notes: Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. + notes: Chrome Browser releases, infrastructure and admin console are not using + versions of Log4j affected by the vulnerability. references: - '' last_updated: '2022-01-14' - vendor: Google Cloud - product: AI Platform Data Labeling + product: Access Transparency cves: cve-2021-4104: investigated: false @@ -714,7 +715,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: AI Platform Neural Architecture Search (NAS) + product: Actifio cves: cve-2021-4104: investigated: false @@ -738,13 +739,15 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + notes: Actifio has identified limited exposure to the Log4j 2 vulnerability and + has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) + for the full statement and to obtain the hotfix (available to Actifio customers + only). references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: AI Platform Training and Prediction + product: AI Platform Data Labeling cves: cve-2021-4104: investigated: false @@ -774,7 +777,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Access Transparency + product: AI Platform Neural Architecture Search (NAS) cves: cve-2021-4104: investigated: false @@ -804,7 +807,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Actifio + product: AI Platform Training and Prediction cves: cve-2021-4104: investigated: false @@ -828,10 +831,8 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: Actifio has identified limited exposure to the Log4j 2 vulnerability and - has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) - for the full statement and to obtain the hotfix (available to Actifio customers - only). + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-21T00:00:00' @@ -989,7 +990,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Anthos Premium Software + product: Anthos on VMWare cves: cve-2021-4104: investigated: false @@ -1014,12 +1015,16 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check + VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds + to their VMware products as they become available. We also recommend customers + review their respective applications and workloads affected by the same vulnerabilities + and apply appropriate patches. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Anthos Service Mesh + product: Anthos Premium Software cves: cve-2021-4104: investigated: false @@ -1049,7 +1054,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Anthos on VMWare + product: Anthos Service Mesh cves: cve-2021-4104: investigated: false @@ -1074,11 +1079,7 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check - VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds - to their VMware products as they become available. We also recommend customers - review their respective applications and workloads affected by the same vulnerabilities - and apply appropriate patches. + in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-21T00:00:00' @@ -1793,7 +1794,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud DNS + product: Cloud Data Loss Prevention cves: cve-2021-4104: investigated: false @@ -1821,9 +1822,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Data Loss Prevention + product: Cloud Debugger cves: cve-2021-4104: investigated: false @@ -1853,7 +1854,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Debugger + product: Cloud Deployment Manager cves: cve-2021-4104: investigated: false @@ -1883,7 +1884,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Deployment Manager + product: Cloud DNS cves: cve-2021-4104: investigated: false @@ -1911,7 +1912,7 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-20T00:00:00' - vendor: Google Cloud product: Cloud Endpoints cves: @@ -2036,7 +2037,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Intrusion Detection System (IDS) + product: Cloud Interconnect cves: cve-2021-4104: investigated: false @@ -2066,7 +2067,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Interconnect + product: Cloud Intrusion Detection System (IDS) cves: cve-2021-4104: investigated: false @@ -2186,7 +2187,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Network Address Translation (NAT) + product: Cloud Natural Language API cves: cve-2021-4104: investigated: false @@ -2214,9 +2215,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Natural Language API + product: Cloud Network Address Translation (NAT) cves: cve-2021-4104: investigated: false @@ -2244,7 +2245,7 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-20T00:00:00' - vendor: Google Cloud product: Cloud Profiler cves: @@ -2372,7 +2373,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud SDK + product: Cloud Scheduler cves: cve-2021-4104: investigated: false @@ -2402,7 +2403,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud SQL + product: Cloud SDK cves: cve-2021-4104: investigated: false @@ -2430,9 +2431,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-19T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Scheduler + product: Cloud Shell cves: cve-2021-4104: investigated: false @@ -2457,12 +2458,15 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Shell environments to identify components dependent on Log4j 2 and update + them to the latest version. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Shell + product: Cloud Source Repositories cves: cve-2021-4104: investigated: false @@ -2487,15 +2491,12 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Shell environments to identify components dependent on Log4j 2 and update - them to the latest version. + in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Source Repositories + product: Cloud Spanner cves: cve-2021-4104: investigated: false @@ -2523,9 +2524,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-19T00:00:00' - vendor: Google Cloud - product: Cloud Spanner + product: Cloud SQL cves: cve-2021-4104: investigated: false @@ -2705,7 +2706,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud VPN + product: Cloud Vision cves: cve-2021-4104: investigated: false @@ -2733,9 +2734,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Vision + product: Cloud Vision OCR On-Prem cves: cve-2021-4104: investigated: false @@ -2765,7 +2766,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Vision OCR On-Prem + product: Cloud VPN cves: cve-2021-4104: investigated: false @@ -2793,7 +2794,7 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-20T00:00:00' - vendor: Google Cloud product: CompilerWorks cves: @@ -4656,7 +4657,7 @@ software: notes: Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gradle product: Gradle Enterprise cves: @@ -4686,7 +4687,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gradle product: Gradle Enterprise Build Cache Node cves: @@ -4716,7 +4717,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gradle product: Gradle Enterprise Test Distribution Agent cves: @@ -4746,7 +4747,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grafana product: '' cves: @@ -4775,7 +4776,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grandstream product: '' cves: @@ -4804,7 +4805,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee product: Access Management cves: @@ -4834,7 +4835,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee product: Access Management cves: @@ -4864,9 +4865,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee - product: API Management + product: Alert Engine cves: cve-2021-4104: investigated: false @@ -4878,7 +4879,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - 1.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -4894,9 +4895,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee - product: API Management + product: Alert Engine cves: cve-2021-4104: investigated: false @@ -4908,7 +4909,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -4924,9 +4925,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee - product: Alert Engine + product: API Management cves: cve-2021-4104: investigated: false @@ -4938,7 +4939,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.5.x + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -4954,9 +4955,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee - product: Alert Engine + product: API Management cves: cve-2021-4104: investigated: false @@ -4968,7 +4969,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.4.x + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -4984,7 +4985,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee product: Cockpit cves: @@ -5014,7 +5015,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee.io product: '' cves: @@ -5043,7 +5044,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravwell product: '' cves: @@ -5072,7 +5073,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Graylog product: Graylog Server cves: @@ -5102,7 +5103,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GreenShot product: '' cves: @@ -5131,7 +5132,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GSA product: Cloud.gov cves: @@ -5189,5 +5190,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_H.yml b/data/cisagov_H.yml index 6456aa3..b9d31cf 100644 --- a/data/cisagov_H.yml +++ b/data/cisagov_H.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HarmanPro AMX product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Boundary cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Consul cves: @@ -119,7 +119,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Consul Enterprise cves: @@ -148,7 +148,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Nomad cves: @@ -177,7 +177,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Nomad Enterprise cves: @@ -206,7 +206,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Packer cves: @@ -235,7 +235,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Terraform cves: @@ -264,7 +264,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Terraform Enterprise cves: @@ -293,7 +293,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Vagrant cves: @@ -322,7 +322,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Vault cves: @@ -351,7 +351,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Vault Enterprise cves: @@ -380,7 +380,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Waypoint cves: @@ -409,7 +409,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HCL Software product: BigFix Compliance cves: @@ -423,7 +423,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -453,7 +453,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -483,7 +483,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -512,7 +512,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 10.0.7' + - < 10.0.7 unaffected_versions: [] cve-2021-45046: investigated: false @@ -543,7 +543,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -573,7 +573,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -603,7 +603,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -648,7 +648,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HENIX product: Squash TM cves: @@ -661,9 +661,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.21.7-1.22.9' - - '2.0.3-2.1.5' - - '2.2.0-3.0.2' + - 1.21.7-1.22.9 + - 2.0.3-2.1.5 + - 2.2.0-3.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -709,7 +709,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Hikvision product: '' cves: @@ -738,7 +738,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Hitachi Energy product: 3rd party - Elastic Search, Kibana cves: @@ -751,7 +751,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'Elasticsearch 5.0.0+' + - Elasticsearch 5.0.0+ unaffected_versions: [] cve-2021-45046: investigated: false @@ -770,6 +770,40 @@ software: references: - '' last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: 3rd party - Oracle Database Components + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '12.1' + - '12.2' + - 19c + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: As this is a third-party component, a separate patch management report + will be provided to customers with the steps to apply the Oracle provided patches + for these components. + references: + - '' + last_updated: '2022-01-05T00:00:00' - vendor: Hitachi Energy product: Axis cves: @@ -813,7 +847,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'v6' + - v6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -891,7 +925,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Hitachi Energy product: FOXMAN-UN cves: @@ -904,10 +938,10 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'R15A' - - 'R14B' - - 'R14A' - - 'R11B SP1' + - R15A + - R14B + - R14A + - R11B SP1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -940,7 +974,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'R11A and R10 series' + - R11A and R10 series unaffected_versions: [] cve-2021-45046: investigated: false @@ -960,7 +994,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Hitachi Energy - product: Lumada APM SaaS offering + product: Lumada APM On-premises cves: cve-2021-4104: investigated: false @@ -984,13 +1018,12 @@ software: unaffected_versions: [] vendor_links: - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: No action is required by customers. The SaaS offering has been patched - per the recommendations. + notes: See vendor advisory for instructions for various versions. references: - '' last_updated: '2022-01-05T00:00:00' - vendor: Hitachi Energy - product: Lumada APM On-premises + product: Lumada APM SaaS offering cves: cve-2021-4104: investigated: false @@ -1014,7 +1047,8 @@ software: unaffected_versions: [] vendor_links: - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See vendor advisory for instructions for various versions. + notes: No action is required by customers. The SaaS offering has been patched + per the recommendations. references: - '' last_updated: '2022-01-05T00:00:00' @@ -1030,9 +1064,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'v1.7.x' - - 'v1.8.x' - - 'v1.9.x' + - v1.7.x + - v1.8.x + - v1.9.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -1079,38 +1113,6 @@ software: references: - '' last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Network Manager Outage Management Interface (CMI) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '9.0-9.10.44' - - '9.1.1' - - '10.3.4' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See vendor advisory for instructions on mitigation steps. - references: - - '' - last_updated: '2022-01-05T00:00:00' - vendor: Hitachi Energy product: Network Manager ADMS Network Model Server cves: @@ -1123,7 +1125,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '9.1.0.32-9.1.0.44' + - 9.1.0.32-9.1.0.44 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1142,7 +1144,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Hitachi Energy - product: 3rd party - Oracle Database Components + product: Network Manager Outage Management Interface (CMI) cves: cve-2021-4104: investigated: false @@ -1153,9 +1155,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - '12.1' - - '12.2' - - '19c' + - 9.0-9.10.44 + - 9.1.1 + - 10.3.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1169,9 +1171,7 @@ software: unaffected_versions: [] vendor_links: - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: As this is a third-party component, a separate patch management report - will be provided to customers with the steps to apply the Oracle provided patches - for these components. + notes: See vendor advisory for instructions on mitigation steps. references: - '' last_updated: '2022-01-05T00:00:00' @@ -1187,8 +1187,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '3.7.15' - - '3.7.16' + - 3.7.15 + - 3.7.16 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1218,7 +1218,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2.0.0' + - 2.0.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1249,10 +1249,10 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'R15A' - - 'R14B' - - 'R14A' - - 'R11B SP1' + - R15A + - R14B + - R14A + - R11B SP1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1285,7 +1285,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'R11A and R10 series' + - R11A and R10 series unaffected_versions: [] cve-2021-45046: investigated: false @@ -1332,9 +1332,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HMS Industrial Networks AB - product: Talk2M including M2Web + product: Cosy, Flexy and Ewon CD cves: cve-2021-4104: investigated: false @@ -1363,7 +1363,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: HMS Industrial Networks AB - product: Cosy, Flexy and Ewon CD + product: eCatcher Mobile applications cves: cve-2021-4104: investigated: false @@ -1421,7 +1421,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: HMS Industrial Networks AB - product: eCatcher Mobile applications + product: Netbiter Hardware including EC, WS, and LC cves: cve-2021-4104: investigated: false @@ -1450,7 +1450,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: HMS Industrial Networks AB - product: Netbiter Hardware including EC, WS, and LC + product: Talk2M including M2Web cves: cve-2021-4104: investigated: false @@ -1478,8 +1478,8 @@ software: references: - '' last_updated: '2022-01-05T00:00:00' - - vendor: Honeywell - product: '' + - vendor: HOLOGIC + product: Advanced Workflow Manager (AWM) cves: cve-2021-4104: investigated: false @@ -1502,13 +1502,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability - notes: '' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, the installed + APC PowerChute UPS with Business Edition v9.5 software installed may. APC is + still assessing its PowerChute software to determine if it is vulnerable. references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HP - product: Teradici Cloud Access Controller + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Affirm Prone Biopsy System cves: cve-2021-4104: investigated: false @@ -1516,10 +1518,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '< v113' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1532,13 +1533,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici EMSDK + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Brevera Breast Biopsy System cves: cve-2021-4104: investigated: false @@ -1546,10 +1547,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '< 1.0.6' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1562,13 +1562,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici Management Console + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Cenova Image Analytics Server cves: cve-2021-4104: investigated: false @@ -1576,10 +1576,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '< 21.10.3' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1592,13 +1591,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici PCoIP Connection Manager + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Dimensions / 3Dimensions Mammography System cves: cve-2021-4104: investigated: false @@ -1606,11 +1605,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '< 21.03.6' - - '< 20.07.4' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1623,13 +1620,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici PCoIP License Server + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Discovery Bone Densitometer cves: cve-2021-4104: investigated: false @@ -1652,13 +1649,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HPE - product: 3PAR StoreServ Arrays + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Faxitron CT Specimen Radiography System cves: cve-2021-4104: investigated: false @@ -1681,13 +1678,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, there is + a utility program installed that may utilize Java and Log4J. This utility program + does not run on startup and is not required for system operation. Please contact + Hologic Service for assistance in removing this program. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: AirWave Management Platform + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Faxitron Specimen Radiography Systems cves: cve-2021-4104: investigated: false @@ -1710,13 +1710,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Alletra 6000 + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Fluoroscan Insight Mini C-Arm cves: cve-2021-4104: investigated: false @@ -1739,13 +1739,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Alletra 9k + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Horizon DXA Bone Densitometer cves: cve-2021-4104: investigated: false @@ -1768,13 +1768,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Central + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Rosetta DC Tomosynthesis Data Converter cves: cve-2021-4104: investigated: false @@ -1797,13 +1797,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba ClearPass Policy Manager + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SecurView DX Workstation cves: cve-2021-4104: investigated: false @@ -1826,13 +1826,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba ClearPass Policy Manager + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SecurXChange Router cves: cve-2021-4104: investigated: false @@ -1855,13 +1855,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Instant (IAP) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SuperSonic Imagine Ultrasound Products (Aixplorer & Aixplorer Mach) cves: cve-2021-4104: investigated: false @@ -1884,13 +1884,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Location Services + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Trident HD Specimen Radiography System cves: cve-2021-4104: investigated: false @@ -1913,13 +1913,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba NetEdit + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Unifi Workspace cves: cve-2021-4104: investigated: false @@ -1942,13 +1942,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, the installed + APC PowerChute UPS with Business Edition v9.5 software installed may. APC is + still assessing its PowerChute software to determine if it is vulnerable. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba PVOS Switches + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Windows Selenia Mammography System cves: cve-2021-4104: investigated: false @@ -1971,13 +1973,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba SDN VAN Controller + last_updated: '2021-12-20T00:00:00' + - vendor: Honeywell + product: '' cves: cve-2021-4104: investigated: false @@ -2000,13 +2002,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba User Experience Insight (UXI) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HP + product: Teradici Cloud Access Controller cves: cve-2021-4104: investigated: false @@ -2014,9 +2016,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < v113 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2029,13 +2032,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba VIA Client + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici EMSDK cves: cve-2021-4104: investigated: false @@ -2043,9 +2046,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 1.0.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2058,13 +2062,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS-CX switches + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici Management Console cves: cve-2021-4104: investigated: false @@ -2072,9 +2076,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 21.10.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2087,13 +2092,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS-S switches + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici PCoIP Connection Manager cves: cve-2021-4104: investigated: false @@ -2101,9 +2106,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 21.03.6 + - < 20.07.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2116,13 +2123,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS SD-WAN Controllers and Gateways + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici PCoIP License Server cves: cve-2021-4104: investigated: false @@ -2145,13 +2152,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-17T00:00:00' - vendor: HPE - product: ArubaOS Wi-Fi Controllers and Gateways + product: 3PAR StoreServ Arrays cves: cve-2021-4104: investigated: false @@ -2180,7 +2187,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: BladeSystem Onboard Administrator + product: AirWave Management Platform cves: cve-2021-4104: investigated: false @@ -2209,7 +2216,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy + product: Alletra 6000 cves: cve-2021-4104: investigated: false @@ -2238,7 +2245,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Brocade 16Gb SAN Switch for HPE BladeSystem c-Class + product: Alletra 9k cves: cve-2021-4104: investigated: false @@ -2267,7 +2274,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy + product: Aruba Central cves: cve-2021-4104: investigated: false @@ -2296,7 +2303,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Brocade Network Advisor + product: Aruba ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -2325,7 +2332,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: CloudAuth + product: Aruba ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -2354,7 +2361,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: CloudPhysics + product: Aruba Instant (IAP) cves: cve-2021-4104: investigated: false @@ -2383,7 +2390,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Compute Cloud Console + product: Aruba Location Services cves: cve-2021-4104: investigated: false @@ -2412,7 +2419,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Compute operations manager- FW UPDATE SERVICE + product: Aruba NetEdit cves: cve-2021-4104: investigated: false @@ -2441,7 +2448,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: COS (Cray Operating System) + product: Aruba PVOS Switches cves: cve-2021-4104: investigated: false @@ -2470,7 +2477,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Cray Systems Management (CSM) + product: Aruba SDN VAN Controller cves: cve-2021-4104: investigated: false @@ -2499,7 +2506,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Custom SPP Portal [Link](https://spp.hpe.com/custom) + product: Aruba User Experience Insight (UXI) cves: cve-2021-4104: investigated: false @@ -2528,7 +2535,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Data Services Cloud Console + product: Aruba VIA Client cves: cve-2021-4104: investigated: false @@ -2557,7 +2564,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Harmony Data Platform + product: ArubaOS SD-WAN Controllers and Gateways cves: cve-2021-4104: investigated: false @@ -2586,7 +2593,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HOP public services (grafana, vault, rancher, Jenkins) + product: ArubaOS Wi-Fi Controllers and Gateways cves: cve-2021-4104: investigated: false @@ -2615,7 +2622,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN2600B SAN Extension Switch + product: ArubaOS-CX switches cves: cve-2021-4104: investigated: false @@ -2644,7 +2651,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN4000B SAN Extension Switch + product: ArubaOS-S switches cves: cve-2021-4104: investigated: false @@ -2673,7 +2680,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6000B Fibre Channel Switch + product: BladeSystem Onboard Administrator cves: cve-2021-4104: investigated: false @@ -2702,7 +2709,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6500B Fibre Channel Switch + product: Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy cves: cve-2021-4104: investigated: false @@ -2731,7 +2738,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6600B Fibre Channel Switch + product: Brocade 16Gb SAN Switch for HPE BladeSystem c-Class cves: cve-2021-4104: investigated: false @@ -2760,7 +2767,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6650B Fibre Channel Switch + product: Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy cves: cve-2021-4104: investigated: false @@ -2789,7 +2796,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6700B Fibre Channel Switch + product: Brocade Network Advisor cves: cve-2021-4104: investigated: false @@ -2818,7 +2825,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Customer Experience Assurance (CEA) + product: CloudAuth cves: cve-2021-4104: investigated: false @@ -2845,9 +2852,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Hardware Support Manager plug-in for VMware vSphere Lifecycle Manager + product: CloudPhysics cves: cve-2021-4104: investigated: false @@ -2876,7 +2883,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Home Location Register (HLR/I-HLR) + product: Compute Cloud Console cves: cve-2021-4104: investigated: false @@ -2903,9 +2910,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Infosight for Servers + product: Compute operations manager- FW UPDATE SERVICE cves: cve-2021-4104: investigated: false @@ -2934,7 +2941,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Integrated Home Subscriber Server (I-HSS) + product: COS (Cray Operating System) cves: cve-2021-4104: investigated: false @@ -2961,9 +2968,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Intelligent Messaging (IM) + product: Cray Systems Management (CSM) cves: cve-2021-4104: investigated: false @@ -2990,9 +2997,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Intelligent Network Server (INS) + product: Custom SPP Portal [Link](https://spp.hpe.com/custom) cves: cve-2021-4104: investigated: false @@ -3019,9 +3026,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Multimedia Services Environment (MSE) + product: Data Services Cloud Console cves: cve-2021-4104: investigated: false @@ -3048,9 +3055,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OC Convergent Communications Platform (OCCP) + product: Harmony Data Platform cves: cve-2021-4104: investigated: false @@ -3077,9 +3084,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OC Media Platform Media Resource Function (OCMP-MRF) + product: HOP public services (grafana, vault, rancher, Jenkins) cves: cve-2021-4104: investigated: false @@ -3106,9 +3113,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OC Service Access Controller (OC SAC) + product: HPE B-series SN2600B SAN Extension Switch cves: cve-2021-4104: investigated: false @@ -3135,9 +3142,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OC Service Controller (OCSC) + product: HPE B-series SN4000B SAN Extension Switch cves: cve-2021-4104: investigated: false @@ -3164,9 +3171,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OC Universal Signaling Platform (OC-USP-M) + product: HPE B-series SN6000B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -3193,9 +3200,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OneView + product: HPE B-series SN6500B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -3224,7 +3231,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OneView for VMware vRealize Operations (vROps) + product: HPE B-series SN6600B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -3253,7 +3260,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OneView Global Dashboard + product: HPE B-series SN6650B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -3282,7 +3289,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Performance Cluster Manager (HPCM) + product: HPE B-series SN6700B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -3309,9 +3316,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Performance Manager (PM) + product: HPE Customer Experience Assurance (CEA) cves: cve-2021-4104: investigated: false @@ -3340,7 +3347,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Position Determination Entity (PDE) + product: HPE Hardware Support Manager plug-in for VMware vSphere Lifecycle Manager cves: cve-2021-4104: investigated: false @@ -3367,9 +3374,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Secure Identity Broker (SIB) + product: HPE Home Location Register (HLR/I-HLR) cves: cve-2021-4104: investigated: false @@ -3398,7 +3405,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Service Activator (SA) + product: HPE Infosight for Servers cves: cve-2021-4104: investigated: false @@ -3425,9 +3432,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Service Governance Framework (SGF) + product: HPE Integrated Home Subscriber Server (I-HSS) cves: cve-2021-4104: investigated: false @@ -3456,7 +3463,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Service Orchestration Manager (SOM) + product: HPE Intelligent Messaging (IM) cves: cve-2021-4104: investigated: false @@ -3485,7 +3492,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Service Provisioner (SP) + product: HPE Intelligent Network Server (INS) cves: cve-2021-4104: investigated: false @@ -3514,7 +3521,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Short Message Point-to-Point Gateway (SMPP) + product: HPE Multimedia Services Environment (MSE) cves: cve-2021-4104: investigated: false @@ -3543,7 +3550,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Slingshot + product: HPE OC Convergent Communications Platform (OCCP) cves: cve-2021-4104: investigated: false @@ -3570,9 +3577,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Smart Interaction Server (SIS) + product: HPE OC Media Platform Media Resource Function (OCMP-MRF) cves: cve-2021-4104: investigated: false @@ -3601,7 +3608,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE SN3000B Fibre Channel Switch + product: HPE OC Service Access Controller (OC SAC) cves: cve-2021-4104: investigated: false @@ -3628,9 +3635,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE SN8000B 4-Slot SAN Director Switch + product: HPE OC Service Controller (OCSC) cves: cve-2021-4104: investigated: false @@ -3657,9 +3664,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE SN8000B 8-Slot SAN Backbone Director Switch + product: HPE OC Universal Signaling Platform (OC-USP-M) cves: cve-2021-4104: investigated: false @@ -3686,9 +3693,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE SN8600B 4-Slot SAN Director Switch + product: HPE OneView cves: cve-2021-4104: investigated: false @@ -3717,7 +3724,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE SN8600B 8-Slot SAN Director Switch + product: HPE OneView for VMware vRealize Operations (vROps) cves: cve-2021-4104: investigated: false @@ -3746,7 +3753,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE SN8700B 4-Slot Director Switch + product: HPE OneView Global Dashboard cves: cve-2021-4104: investigated: false @@ -3775,7 +3782,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE SN8700B 8-Slot Director Switch + product: HPE Performance Cluster Manager (HPCM) cves: cve-2021-4104: investigated: false @@ -3802,9 +3809,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Subscriber, Network, and Application Policy (SNAP) + product: HPE Performance Manager (PM) cves: cve-2021-4104: investigated: false @@ -3833,7 +3840,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Subscription Manager (SM) + product: HPE Position Determination Entity (PDE) cves: cve-2021-4104: investigated: false @@ -3862,7 +3869,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Synergy Image Streamer + product: HPE Secure Identity Broker (SIB) cves: cve-2021-4104: investigated: false @@ -3889,9 +3896,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Systems Insight Manager (SIM) + product: HPE Service Activator (SA) cves: cve-2021-4104: investigated: false @@ -3918,9 +3925,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Telecom Application Server (TAS) + product: HPE Service Governance Framework (SGF) cves: cve-2021-4104: investigated: false @@ -3949,7 +3956,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Unified Correlation and Automation (UCA) + product: HPE Service Orchestration Manager (SOM) cves: cve-2021-4104: investigated: false @@ -3978,7 +3985,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Unified Mediation Bus (UMB) + product: HPE Service Provisioner (SP) cves: cve-2021-4104: investigated: false @@ -4007,7 +4014,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Unified OSS Console (UOC) + product: HPE Short Message Point-to-Point Gateway (SMPP) cves: cve-2021-4104: investigated: false @@ -4036,7 +4043,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Unified Topology Manager (UTM) + product: HPE Slingshot cves: cve-2021-4104: investigated: false @@ -4063,9 +4070,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Universal Identity Repository (VIR) + product: HPE Smart Interaction Server (SIS) cves: cve-2021-4104: investigated: false @@ -4094,7 +4101,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Universal SLA Manager (uSLAM) + product: HPE SN3000B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -4121,9 +4128,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Connect + product: HPE SN8000B 4-Slot SAN Director Switch cves: cve-2021-4104: investigated: false @@ -4152,7 +4159,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Connect Enterprise Manager (VCEM) + product: HPE SN8000B 8-Slot SAN Backbone Director Switch cves: cve-2021-4104: investigated: false @@ -4181,7 +4188,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Provisioning Gateway (vPGW) + product: HPE SN8600B 4-Slot SAN Director Switch cves: cve-2021-4104: investigated: false @@ -4208,9 +4215,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Server Environment (VSE) + product: HPE SN8600B 8-Slot SAN Director Switch cves: cve-2021-4104: investigated: false @@ -4239,7 +4246,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Subscriber Data Management (vSDM) + product: HPE SN8700B 4-Slot Director Switch cves: cve-2021-4104: investigated: false @@ -4266,9 +4273,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE WebRTC Gateway Controller (WGW) + product: HPE SN8700B 8-Slot Director Switch cves: cve-2021-4104: investigated: false @@ -4295,9 +4302,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Wi-Fi Authentication Gateway (WauG) + product: HPE Subscriber, Network, and Application Policy (SNAP) cves: cve-2021-4104: investigated: false @@ -4324,9 +4331,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Insight Cluster Management Utility (CMU) + product: HPE Subscription Manager (SM) cves: cve-2021-4104: investigated: false @@ -4353,9 +4360,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Integrated Lights-Out (iLO) Amplifier Pack + product: HPE Synergy Image Streamer cves: cve-2021-4104: investigated: false @@ -4384,7 +4391,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Integrated Lights-Out 4 (iLO 4) + product: HPE Systems Insight Manager (SIM) cves: cve-2021-4104: investigated: false @@ -4392,11 +4399,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '4' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4414,7 +4420,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Integrated Lights-Out 5 (iLO 5) + product: HPE Telecom Application Server (TAS) cves: cve-2021-4104: investigated: false @@ -4422,11 +4428,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '5' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4442,9 +4447,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Integrity BL860c, BL870c, BL890c + product: HPE Unified Correlation and Automation (UCA) cves: cve-2021-4104: investigated: false @@ -4471,9 +4476,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Integrity Rx2800/Rx2900 + product: HPE Unified Mediation Bus (UMB) cves: cve-2021-4104: investigated: false @@ -4500,9 +4505,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Integrity Superdome 2 + product: HPE Unified OSS Console (UOC) cves: cve-2021-4104: investigated: false @@ -4529,9 +4534,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Integrity Superdome X + product: HPE Unified Topology Manager (UTM) cves: cve-2021-4104: investigated: false @@ -4558,9 +4563,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Intelligent Provisioning + product: HPE Universal Identity Repository (VIR) cves: cve-2021-4104: investigated: false @@ -4587,9 +4592,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: iSUT integrated smart update tool + product: HPE Universal SLA Manager (uSLAM) cves: cve-2021-4104: investigated: false @@ -4616,9 +4621,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Maven Artifacts (Atlas) + product: HPE Virtual Connect cves: cve-2021-4104: investigated: false @@ -4647,7 +4652,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: MSA + product: HPE Virtual Connect Enterprise Manager (VCEM) cves: cve-2021-4104: investigated: false @@ -4676,7 +4681,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: NetEdit + product: HPE Virtual Provisioning Gateway (vPGW) cves: cve-2021-4104: investigated: false @@ -4703,9 +4708,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Nimble Storage + product: HPE Virtual Server Environment (VSE) cves: cve-2021-4104: investigated: false @@ -4734,7 +4739,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: NS-T0634-OSM CONSOLE TOOLS + product: HPE Virtual Subscriber Data Management (vSDM) cves: cve-2021-4104: investigated: false @@ -4761,9 +4766,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: NS-T0977-SCHEMA VALIDATOR + product: HPE WebRTC Gateway Controller (WGW) cves: cve-2021-4104: investigated: false @@ -4790,9 +4795,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: OfficeConnect + product: HPE Wi-Fi Authentication Gateway (WauG) cves: cve-2021-4104: investigated: false @@ -4821,7 +4826,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Primera Storage + product: Insight Cluster Management Utility (CMU) cves: cve-2021-4104: investigated: false @@ -4850,7 +4855,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: RepoServer part of OPA (on Premises aggregator) + product: Integrated Lights-Out (iLO) Amplifier Pack cves: cve-2021-4104: investigated: false @@ -4879,7 +4884,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Resource Aggregator for Open Distributed Infrastructure Management + product: Integrated Lights-Out 4 (iLO 4) cves: cve-2021-4104: investigated: false @@ -4887,10 +4892,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '4' cve-2021-45046: investigated: false affected_versions: [] @@ -4908,7 +4914,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: RESTful Interface Tool (iLOREST) + product: Integrated Lights-Out 5 (iLO 5) cves: cve-2021-4104: investigated: false @@ -4916,10 +4922,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '5' cve-2021-45046: investigated: false affected_versions: [] @@ -4937,7 +4944,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SAT (System Admin Toolkit) + product: Integrity BL860c, BL870c, BL890c cves: cve-2021-4104: investigated: false @@ -4966,7 +4973,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Scripting Tools for Windows PowerShell (HPEiLOCmdlets) + product: Integrity Rx2800/Rx2900 cves: cve-2021-4104: investigated: false @@ -4995,7 +5002,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SGI MC990 X Server + product: Integrity Superdome 2 cves: cve-2021-4104: investigated: false @@ -5024,7 +5031,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SGI UV 2000 Server + product: Integrity Superdome X cves: cve-2021-4104: investigated: false @@ -5053,7 +5060,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SGI UV 300, 300H, 300RL, 30EX + product: Intelligent Provisioning cves: cve-2021-4104: investigated: false @@ -5082,7 +5089,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SGI UV 3000 Server + product: iSUT integrated smart update tool cves: cve-2021-4104: investigated: false @@ -5111,7 +5118,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SN8700B 8-Slot Director Switch + product: Maven Artifacts (Atlas) cves: cve-2021-4104: investigated: false @@ -5140,7 +5147,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreEasy + product: MSA cves: cve-2021-4104: investigated: false @@ -5169,7 +5176,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreEver CVTL + product: NetEdit cves: cve-2021-4104: investigated: false @@ -5198,7 +5205,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreEver LTO Tape Drives + product: Nimble Storage cves: cve-2021-4104: investigated: false @@ -5227,7 +5234,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreEver MSL Tape Libraries + product: NS-T0634-OSM CONSOLE TOOLS cves: cve-2021-4104: investigated: false @@ -5256,7 +5263,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreOnce + product: NS-T0977-SCHEMA VALIDATOR cves: cve-2021-4104: investigated: false @@ -5285,7 +5292,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SUM (Smart Update Manager) + product: OfficeConnect cves: cve-2021-4104: investigated: false @@ -5314,7 +5321,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Superdome Flex 280 + product: Primera Storage cves: cve-2021-4104: investigated: false @@ -5343,7 +5350,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Superdome Flex Server + product: RepoServer part of OPA (on Premises aggregator) cves: cve-2021-4104: investigated: false @@ -5372,7 +5379,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: UAN (User Access Node) + product: Resource Aggregator for Open Distributed Infrastructure Management cves: cve-2021-4104: investigated: false @@ -5380,7 +5387,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -5400,8 +5407,8 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' - - vendor: HPE/Micro Focus - product: Data Protector + - vendor: HPE + product: RESTful Interface Tool (iLOREST) cves: cve-2021-4104: investigated: false @@ -5409,10 +5416,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '9.09' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -5425,13 +5431,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.microfocus.com/s/article/KM000003243 - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' - last_updated: '2021-12-17T00:00:00' - - vendor: HOLOGIC - product: Advanced Workflow Manager (AWM) + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SAT (System Admin Toolkit) cves: cve-2021-4104: investigated: false @@ -5454,15 +5460,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, the installed - APC PowerChute UPS with Business Edition v9.5 software installed may. APC is - still assessing its PowerChute software to determine if it is vulnerable. + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Unifi Workspace + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Scripting Tools for Windows PowerShell (HPEiLOCmdlets) cves: cve-2021-4104: investigated: false @@ -5485,15 +5489,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, the installed - APC PowerChute UPS with Business Edition v9.5 software installed may. APC is - still assessing its PowerChute software to determine if it is vulnerable. + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Faxitron CT Specimen Radiography System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI MC990 X Server cves: cve-2021-4104: investigated: false @@ -5516,16 +5518,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, there is - a utility program installed that may utilize Java and Log4J. This utility program - does not run on startup and is not required for system operation. Please contact - Hologic Service for assistance in removing this program. + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Dimensions / 3Dimensions Mammography System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 2000 Server cves: cve-2021-4104: investigated: false @@ -5548,13 +5547,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Affirm Prone Biopsy System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 300, 300H, 300RL, 30EX cves: cve-2021-4104: investigated: false @@ -5577,13 +5576,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Brevera Breast Biopsy System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 3000 Server cves: cve-2021-4104: investigated: false @@ -5606,13 +5605,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Trident HD Specimen Radiography System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SN8700B 8-Slot Director Switch cves: cve-2021-4104: investigated: false @@ -5635,13 +5634,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SecurView DX Workstation + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEasy cves: cve-2021-4104: investigated: false @@ -5664,13 +5663,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Cenova Image Analytics Server + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver CVTL cves: cve-2021-4104: investigated: false @@ -5693,13 +5692,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SecurXChange Router + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver LTO Tape Drives cves: cve-2021-4104: investigated: false @@ -5722,13 +5721,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Rosetta DC Tomosynthesis Data Converter + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver MSL Tape Libraries cves: cve-2021-4104: investigated: false @@ -5751,13 +5750,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Faxitron Specimen Radiography Systems + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreOnce cves: cve-2021-4104: investigated: false @@ -5780,13 +5779,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Horizon DXA Bone Densitometer + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SUM (Smart Update Manager) cves: cve-2021-4104: investigated: false @@ -5809,13 +5808,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Discovery Bone Densitometer + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Superdome Flex 280 cves: cve-2021-4104: investigated: false @@ -5838,13 +5837,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Fluoroscan Insight Mini C-Arm + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Superdome Flex Server cves: cve-2021-4104: investigated: false @@ -5867,13 +5866,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SuperSonic Imagine Ultrasound Products (Aixplorer & Aixplorer Mach) + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: UAN (User Access Node) cves: cve-2021-4104: investigated: false @@ -5896,13 +5895,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Windows Selenia Mammography System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE/Micro Focus + product: Data Protector cves: cve-2021-4104: investigated: false @@ -5910,9 +5909,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '9.09' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5925,11 +5925,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + - https://portal.microfocus.com/s/article/KM000003243 notes: '' references: - - '' - last_updated: '2021-12-20T00:00:00' + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + last_updated: '2021-12-17T00:00:00' - vendor: Huawei product: '' cves: @@ -5958,7 +5958,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Hubspot product: '' cves: @@ -5987,5 +5987,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_I.yml b/data/cisagov_I.yml index 8c9c197..557f031 100644 --- a/data/cisagov_I.yml +++ b/data/cisagov_I.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: I2P product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBA-AG product: '' cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ibexa product: '' cves: @@ -119,9 +119,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM - product: BigFix Compliance + product: Analytics Engine cves: cve-2021-4104: investigated: false @@ -143,13 +143,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: BigFix Inventory + product: App Configuration cves: cve-2021-4104: investigated: false @@ -157,9 +158,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - VM Manager Tool & SAP Tool + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -172,15 +172,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: To verify if your instance is affected, go to the lib subdirectory of the - tool (BESClient/LMT/SAPTOOL and BESClient/LMT/VMMAN) and check what version - of log4j is included. Version is included in the name of the library. + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Analytics Engine + product: App Connect cves: cve-2021-4104: investigated: false @@ -209,7 +208,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: App Configuration + product: App ID cves: cve-2021-4104: investigated: false @@ -238,7 +237,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: App Connect + product: Application Gateway cves: cve-2021-4104: investigated: false @@ -267,7 +266,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: App ID + product: Aspera cves: cve-2021-4104: investigated: false @@ -296,7 +295,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Application Gateway + product: Aspera Endpoint cves: cve-2021-4104: investigated: false @@ -325,7 +324,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Aspera Endpoint + product: Aspera Enterprise cves: cve-2021-4104: investigated: false @@ -354,7 +353,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Aspera Enterprise + product: Aspera fasp.io cves: cve-2021-4104: investigated: false @@ -383,7 +382,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Aspera fasp.io + product: Bare Metal Servers cves: cve-2021-4104: investigated: false @@ -412,7 +411,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Aspera + product: BigFix Compliance cves: cve-2021-4104: investigated: false @@ -434,14 +433,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM - product: Bare Metal Servers + product: BigFix Inventory cves: cve-2021-4104: investigated: false @@ -449,8 +447,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - VM Manager Tool & SAP Tool fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -463,12 +462,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + vendor_links: [] + notes: To verify if your instance is affected, go to the lib subdirectory of the + tool (BESClient/LMT/SAPTOOL and BESClient/LMT/VMMAN) and check what version + of log4j is included. Version is included in the name of the library. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM product: Block Storage cves: @@ -3198,7 +3198,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM product: Mass Data Migration cves: @@ -3808,7 +3808,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM product: Robotic Process Automation cves: @@ -4010,7 +4010,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM product: Spectrum Archive Library Edition cves: @@ -5663,7 +5663,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IGEL product: '' cves: @@ -5692,7 +5692,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ignite Realtime product: '' cves: @@ -5721,7 +5721,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: iGrafx product: '' cves: @@ -5750,7 +5750,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Illuminated Cloud product: '' cves: @@ -5779,7 +5779,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Illumio product: C-VEN cves: @@ -6185,7 +6185,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Imperva product: '' cves: @@ -6214,7 +6214,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Inductive Automation product: Ignition cves: @@ -6228,7 +6228,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6241,7 +6241,8 @@ software: unaffected_versions: [] vendor_links: - https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day - notes: Older versions of Ignition (7.8 and older) did use the Log4j library, but they used an older version (1.2) that was not affected by this vulnerability. + notes: Older versions of Ignition (7.8 and older) did use the Log4j library, but + they used an older version (1.2) that was not affected by this vulnerability. references: - '' last_updated: '2022-01-19T00:00:00' @@ -6273,7 +6274,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: infinidat product: '' cves: @@ -6302,7 +6303,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: InfluxData product: '' cves: @@ -6331,7 +6332,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Infoblox product: '' cves: @@ -6360,7 +6361,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Informatica product: '' cves: @@ -6389,7 +6390,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Instana product: '' cves: @@ -6418,7 +6419,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Instructure product: '' cves: @@ -6447,7 +6448,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Intel product: Audio Development Kit cves: @@ -6478,7 +6479,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: Datacenter Manager + product: Computer Vision Annotation Tool maintained by Intel cves: cve-2021-4104: investigated: false @@ -6507,7 +6508,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: oneAPI sample browser plugin for Eclipse + product: Datacenter Manager cves: cve-2021-4104: investigated: false @@ -6536,7 +6537,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: System Debugger + product: Genomics Kernel Library cves: cve-2021-4104: investigated: false @@ -6565,7 +6566,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: Secure Device Onboard + product: oneAPI sample browser plugin for Eclipse cves: cve-2021-4104: investigated: false @@ -6594,7 +6595,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: Genomics Kernel Library + product: Secure Device Onboard cves: cve-2021-4104: investigated: false @@ -6623,7 +6624,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: System Studio + product: Sensor Solution Firmware Development Kit cves: cve-2021-4104: investigated: false @@ -6652,7 +6653,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: Computer Vision Annotation Tool maintained by Intel + product: System Debugger cves: cve-2021-4104: investigated: false @@ -6681,7 +6682,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: Sensor Solution Firmware Development Kit + product: System Studio cves: cve-2021-4104: investigated: false @@ -6710,7 +6711,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Internet Systems Consortium(ISC) - product: ISC DHCP, aka dhcpd + product: BIND 9 cves: cve-2021-4104: investigated: false @@ -6740,7 +6741,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Internet Systems Consortium(ISC) - product: Kea DHCP + product: ISC DHCP, aka dhcpd cves: cve-2021-4104: investigated: false @@ -6770,7 +6771,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Internet Systems Consortium(ISC) - product: BIND 9 + product: Kea DHCP cves: cve-2021-4104: investigated: false @@ -6827,7 +6828,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Intland product: codebeamer cves: @@ -6859,7 +6860,7 @@ software: and [21.09](https://codebeamer.com/cb/wiki/19418497), but not yet for [21.04](https://codebeamer.com/cb/wiki/16937839) references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IPRO product: Netgovern cves: @@ -6887,7 +6888,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: iRedMail product: '' cves: @@ -6916,7 +6917,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ironnet product: '' cves: @@ -6945,7 +6946,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ISLONLINE product: '' cves: @@ -6974,7 +6975,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ivanti product: Application Control for Linux cves: @@ -6988,7 +6989,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7018,7 +7019,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7048,7 +7049,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7076,8 +7077,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - '6.2.2' - - '6.3.0 to 6.3.3' + - 6.2.2 + - 6.3.0 to 6.3.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7109,7 +7110,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: CETerm (Naurtech) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7139,7 +7170,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7169,7 +7200,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7199,7 +7230,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: ConnectPro (Termproxy) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7229,7 +7290,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7259,7 +7320,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7289,7 +7350,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7319,7 +7380,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7349,7 +7410,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7379,7 +7440,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7409,7 +7470,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7427,7 +7488,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: ITSM 6/7 + product: Incapptic Connect cves: cve-2021-4104: investigated: '' @@ -7439,7 +7500,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7457,7 +7518,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Incapptic Connect + product: Insight cves: cve-2021-4104: investigated: '' @@ -7469,7 +7530,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7487,7 +7548,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Insight + product: ITSM 6/7 cves: cve-2021-4104: investigated: '' @@ -7499,7 +7560,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7529,7 +7590,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7559,7 +7620,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7589,7 +7650,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7607,7 +7668,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti EPM - Cloud Service Appliance + product: Ivanti Endpoint Security cves: cve-2021-4104: investigated: '' @@ -7619,7 +7680,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7637,7 +7698,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti Endpoint Security + product: Ivanti Environment Manager cves: cve-2021-4104: investigated: '' @@ -7649,7 +7710,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7667,7 +7728,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti Environment Manager + product: Ivanti EPM - Cloud Service Appliance cves: cve-2021-4104: investigated: '' @@ -7679,7 +7740,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7707,15 +7768,15 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2019.1.*' - - '2020.1.*' - - '2020.3.*' - - '2021.1.*' - - '4.4.*' + - 2019.1.* + - 2020.1.* + - 2020.3.* + - 2021.1.* + - 4.4.* fixed_versions: - - '2021.3 HF2' - - '2021.1 HF1' - - '2020.3 HF2' + - 2021.3 HF2 + - 2021.1 HF1 + - 2020.3 HF2 unaffected_versions: [] cve-2021-45046: investigated: '' @@ -7746,7 +7807,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7776,7 +7837,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7806,7 +7867,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7836,7 +7897,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7866,7 +7927,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7884,7 +7945,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti Service Desk + product: Ivanti Security Controls (Patch ISec) cves: cve-2021-4104: investigated: '' @@ -7896,7 +7957,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7909,12 +7970,13 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: Not Affected. Java is no longer required since version 2018.3U3 Customers on older versions can uninstall JRE on their ISD Servers for mitigation. This will disable indexing of Attachments and Documents for full-text search. + notes: See More INFO for Ivanti Security Controls (Patch ISec) in the Advisory + Page references: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti Service Manager + product: Ivanti Service Desk cves: cve-2021-4104: investigated: '' @@ -7926,7 +7988,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7939,12 +8001,14 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: '' + notes: Not Affected. Java is no longer required since version 2018.3U3 Customers + on older versions can uninstall JRE on their ISD Servers for mitigation. This + will disable indexing of Attachments and Documents for full-text search. references: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti Service Manager for Neurons (Cloud) + product: Ivanti Service Manager cves: cve-2021-4104: investigated: '' @@ -7956,7 +8020,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7974,7 +8038,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti Security Controls (Patch ISec) + product: Ivanti Service Manager for Neurons (Cloud) cves: cve-2021-4104: investigated: '' @@ -7986,7 +8050,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7999,7 +8063,7 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See More INFO for Ivanti Security Controls (Patch ISec) in the Advisory Page + notes: '' references: - '' last_updated: '2022-01-18T00:00:00' @@ -8016,7 +8080,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8046,7 +8110,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8076,7 +8140,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8106,7 +8170,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8136,7 +8200,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8166,7 +8230,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8196,7 +8260,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8226,7 +8290,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8254,7 +8318,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'All' + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8286,7 +8350,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8316,7 +8380,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8346,7 +8410,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8374,7 +8438,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'All' + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8394,7 +8458,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: MobileIron Sentry (Core/Cloud) + product: MobileIron Core Connector cves: cve-2021-4104: investigated: '' @@ -8404,8 +8468,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '9.13' - - '9.14' + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8420,12 +8483,12 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Sentry. + notes: See Advisory details for mitigation instructions for MobileIron Core Connector. references: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: MobileIron Core Connector + product: MobileIron Sentry (Core/Cloud) cves: cve-2021-4104: investigated: '' @@ -8435,7 +8498,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'All' + - '9.13' + - '9.14' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8450,7 +8514,7 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Core Connector. + notes: See Advisory details for mitigation instructions for MobileIron Sentry. references: - '' last_updated: '2022-01-18T00:00:00' @@ -8467,7 +8531,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8497,7 +8561,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8527,7 +8591,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8545,7 +8609,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse Desktop Client + product: Pulse Connect Secure cves: cve-2021-4104: investigated: '' @@ -8557,7 +8621,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8575,7 +8639,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse Mobile Client + product: Pulse Desktop Client cves: cve-2021-4104: investigated: '' @@ -8587,7 +8651,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8605,7 +8669,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse Services Director + product: Pulse Mobile Client cves: cve-2021-4104: investigated: '' @@ -8617,7 +8681,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8635,7 +8699,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse Virtual Traffic Manager + product: Pulse One cves: cve-2021-4104: investigated: '' @@ -8647,7 +8711,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8665,7 +8729,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse Web Application Firewall + product: Pulse Policy Secure cves: cve-2021-4104: investigated: '' @@ -8677,7 +8741,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8695,7 +8759,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse Connect Secure + product: Pulse Services Director cves: cve-2021-4104: investigated: '' @@ -8707,7 +8771,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8725,7 +8789,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse One + product: Pulse Virtual Traffic Manager cves: cve-2021-4104: investigated: '' @@ -8737,7 +8801,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8755,7 +8819,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse Policy Secure + product: Pulse Web Application Firewall cves: cve-2021-4104: investigated: '' @@ -8767,7 +8831,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8797,7 +8861,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8827,7 +8891,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8857,7 +8921,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8887,7 +8951,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8917,7 +8981,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8947,7 +9011,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8977,7 +9041,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8995,7 +9059,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: ConnectPro (Termproxy) + product: Virtual Desktop Extender cves: cve-2021-4104: investigated: '' @@ -9007,7 +9071,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -9037,67 +9101,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' - cve-2021-45046: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: '' - references: - - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: CETerm (Naurtech) - cves: - cve-2021-4104: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' - cve-2021-45046: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: '' - references: - - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Virtual Desktop Extender - cves: - cve-2021-4104: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -9127,7 +9131,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] diff --git a/data/cisagov_J.yml b/data/cisagov_J.yml index 3ab71be..d58b98c 100644 --- a/data/cisagov_J.yml +++ b/data/cisagov_J.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jamf product: Jamf Pro cves: @@ -62,7 +62,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Janitza product: GridVis cves: @@ -121,7 +121,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jedox product: '' cves: @@ -150,7 +150,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jenkins product: CI/CD Core cves: @@ -178,7 +178,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jenkins product: Plugins cves: @@ -209,9 +209,8 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: JetBrains - product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, - IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, - Rider, RubyMine, WebStorm) + product: All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, + dotCover, dotPeek) cves: cve-2021-4104: investigated: false @@ -239,10 +238,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, - dotCover, dotPeek) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jetbrains + product: Code With Me cves: cve-2021-4104: investigated: false @@ -252,9 +250,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -270,9 +268,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: ToolBox + product: Datalore cves: cve-2021-4104: investigated: false @@ -300,9 +298,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: TeamCity + product: Floating license server cves: cve-2021-4104: investigated: false @@ -312,9 +310,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Unknown + fixed_versions: + - '30211' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -326,13 +324,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://youtrack.jetbrains.com/issue/TW-74298 + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: Hub + product: Gateway cves: cve-2021-4104: investigated: false @@ -342,9 +340,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 2021.1.14080 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -356,13 +354,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/ + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: YouTrack Standalone + product: Hub cves: cve-2021-4104: investigated: false @@ -373,7 +371,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 2021.4.35970 + - 2021.1.14080 unaffected_versions: [] cve-2021-45046: investigated: false @@ -386,13 +384,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/ + - https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: YouTrack InCloud + product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, + IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, + Rider, RubyMine, WebStorm) cves: cve-2021-4104: investigated: false @@ -402,9 +402,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - Unknown - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -420,9 +420,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: Datalore + product: Kotlin cves: cve-2021-4104: investigated: false @@ -450,9 +450,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: Space + product: Ktor cves: cve-2021-4104: investigated: false @@ -480,9 +480,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Jetbrains - product: Code With Me + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: MPS cves: cve-2021-4104: investigated: false @@ -492,9 +492,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - Unknown - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -510,9 +510,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: Gateway + product: Space cves: cve-2021-4104: investigated: false @@ -540,9 +540,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: Kotlin + product: TeamCity cves: cve-2021-4104: investigated: false @@ -566,13 +566,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://youtrack.jetbrains.com/issue/TW-74298 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: Ktor + product: ToolBox cves: cve-2021-4104: investigated: false @@ -600,9 +600,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: MPS + product: UpSource cves: cve-2021-4104: investigated: false @@ -612,9 +612,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Unknown + fixed_versions: + - 2020.1.1952 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -630,9 +630,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: Floating license server + product: YouTrack InCloud cves: cve-2021-4104: investigated: false @@ -643,7 +643,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '30211' + - Unknown unaffected_versions: [] cve-2021-45046: investigated: false @@ -660,9 +660,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: UpSource + product: YouTrack Standalone cves: cve-2021-4104: investigated: false @@ -673,7 +673,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 2020.1.1952 + - 2021.4.35970 unaffected_versions: [] cve-2021-45046: investigated: false @@ -686,11 +686,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JFROG product: '' cves: @@ -719,7 +719,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jitsi product: '' cves: @@ -748,7 +748,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jitterbit product: '' cves: @@ -777,9 +777,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: jPOS - product: (ISO-8583) bridge + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Johnson Controls + product: BCPro cves: cve-2021-4104: investigated: false @@ -791,7 +791,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -803,13 +803,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: C•CURE‐9000 + product: CEM AC2000 cves: cve-2021-4104: investigated: false @@ -821,7 +821,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.90.x (all 2.90 versions) + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -839,7 +839,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: C•CURE‐9000 + product: CEM Hardware Products cves: cve-2021-4104: investigated: false @@ -851,7 +851,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.80.x (all 2.80 versions) + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -869,7 +869,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: C•CURE‐9000 + product: CloudVue Gateway cves: cve-2021-4104: investigated: false @@ -881,7 +881,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.70 (All versions) + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -899,7 +899,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: C•CURE‐9000 + product: CloudVue Web cves: cve-2021-4104: investigated: false @@ -911,7 +911,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.60 (All versions) + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -929,7 +929,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: victor + product: C•CURE‐9000 cves: cve-2021-4104: investigated: false @@ -941,7 +941,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 5.x + - 2.90.x (all 2.90 versions) cve-2021-45046: investigated: false affected_versions: [] @@ -959,7 +959,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: victor/ C•CURE‐9000 Unified + product: C•CURE‐9000 cves: cve-2021-4104: investigated: false @@ -971,7 +971,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 + - 2.80.x (all 2.80 versions) cve-2021-45046: investigated: false affected_versions: [] @@ -989,7 +989,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: victor/ C•CURE‐9000 Unified + product: C•CURE‐9000 cves: cve-2021-4104: investigated: false @@ -1001,7 +1001,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.91.x / victor 5.6.1 / C•CURE‐9000 2.90 + - 2.70 (All versions) cve-2021-45046: investigated: false affected_versions: [] @@ -1019,7 +1019,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Metasys Products and Tools + product: C•CURE‐9000 cves: cve-2021-4104: investigated: false @@ -1031,7 +1031,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 2.60 (All versions) cve-2021-45046: investigated: false affected_versions: [] @@ -1049,7 +1049,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Facility Explorer + product: DLS cves: cve-2021-4104: investigated: false @@ -1061,7 +1061,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 14.x + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -1079,7 +1079,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: CEM AC2000 + product: Entrapass cves: cve-2021-4104: investigated: false @@ -1109,7 +1109,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: CEM Hardware Products + product: exacqVision Client cves: cve-2021-4104: investigated: false @@ -1139,7 +1139,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Illustra Cameras + product: exacqVision Server cves: cve-2021-4104: investigated: false @@ -1169,7 +1169,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Illustra Insight + product: exacqVision WebService cves: cve-2021-4104: investigated: false @@ -1199,7 +1199,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Tyco AI + product: Facility Explorer cves: cve-2021-4104: investigated: false @@ -1211,7 +1211,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 14.x cve-2021-45046: investigated: false affected_versions: [] @@ -1229,7 +1229,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: DLS + product: Illustra Cameras cves: cve-2021-4104: investigated: false @@ -1259,7 +1259,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Entrapass + product: Illustra Insight cves: cve-2021-4104: investigated: false @@ -1289,7 +1289,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: CloudVue Web + product: iSTAR cves: cve-2021-4104: investigated: false @@ -1319,7 +1319,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: CloudVue Gateway + product: Metasys Products and Tools cves: cve-2021-4104: investigated: false @@ -1349,7 +1349,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Qolsys IQ Panels + product: PowerSeries NEO cves: cve-2021-4104: investigated: false @@ -1379,7 +1379,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: PowerSeries NEO + product: PowerSeries Pro cves: cve-2021-4104: investigated: false @@ -1409,7 +1409,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: PowerSeries Pro + product: Qolsys IQ Panels cves: cve-2021-4104: investigated: false @@ -1469,7 +1469,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: VideoEdge + product: Tyco AI cves: cve-2021-4104: investigated: false @@ -1481,7 +1481,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 5.x + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -1499,7 +1499,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: exacqVision Server + product: victor cves: cve-2021-4104: investigated: false @@ -1511,7 +1511,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 5.x cve-2021-45046: investigated: false affected_versions: [] @@ -1529,7 +1529,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: exacqVision Client + product: victor/ C•CURE‐9000 Unified cves: cve-2021-4104: investigated: false @@ -1541,7 +1541,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 cve-2021-45046: investigated: false affected_versions: [] @@ -1559,7 +1559,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: exacqVision WebService + product: victor/ C•CURE‐9000 Unified cves: cve-2021-4104: investigated: false @@ -1571,7 +1571,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 3.91.x / victor 5.6.1 / C•CURE‐9000 2.90 cve-2021-45046: investigated: false affected_versions: [] @@ -1589,7 +1589,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: BCPro + product: VideoEdge cves: cve-2021-4104: investigated: false @@ -1601,7 +1601,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 5.x cve-2021-45046: investigated: false affected_versions: [] @@ -1618,8 +1618,8 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: iSTAR + - vendor: Journyx + product: '' cves: cve-2021-4104: investigated: false @@ -1627,11 +1627,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1643,13 +1642,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228- notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Journyx - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: jPOS + product: (ISO-8583) bridge cves: cve-2021-4104: investigated: false @@ -1657,10 +1656,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -1672,11 +1672,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228- + - https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jump Desktop product: '' cves: @@ -1705,7 +1705,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Juniper Networks product: '' cves: @@ -1734,7 +1734,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Justice Systems product: '' cves: @@ -1763,5 +1763,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index 79eb59c..7149f4a 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: K6 product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Karakun product: '' cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kaseya product: '' cves: @@ -119,7 +119,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Keeper Security product: '' cves: @@ -148,7 +148,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: KEMP product: '' cves: @@ -177,7 +177,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: KEMP 2 product: '' cves: @@ -206,7 +206,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kofax product: '' cves: @@ -235,7 +235,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Konica Minolta product: '' cves: @@ -264,7 +264,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kronos UKG product: '' cves: @@ -293,7 +293,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kyberna product: '' cves: @@ -322,5 +322,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_L.yml b/data/cisagov_L.yml index 11c83aa..a1ffc81 100644 --- a/data/cisagov_L.yml +++ b/data/cisagov_L.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: L3Harris Geospatial product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lancom Systems product: '' cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lansweeper product: '' cves: @@ -119,7 +119,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Laserfiche product: '' cves: @@ -148,7 +148,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LastPass product: '' cves: @@ -177,7 +177,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LaunchDarkly product: '' cves: @@ -206,7 +206,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Leanix product: '' cves: @@ -235,7 +235,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Leica BIOSYSTEMS product: Aperio AT2 cves: @@ -614,7 +614,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND-ADVANCE + product: BOND Controller cves: cve-2021-4104: investigated: false @@ -643,7 +643,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND Controller + product: BOND RX cves: cve-2021-4104: investigated: false @@ -672,7 +672,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND-III + product: BOND RXm cves: cve-2021-4104: investigated: false @@ -701,7 +701,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND-MAX + product: BOND-ADVANCE cves: cve-2021-4104: investigated: false @@ -730,7 +730,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND RX + product: BOND-III cves: cve-2021-4104: investigated: false @@ -759,7 +759,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND RXm + product: BOND-MAX cves: cve-2021-4104: investigated: false @@ -2415,7 +2415,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Let's Encrypt product: '' cves: @@ -2444,7 +2444,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LibreNMS product: '' cves: @@ -2473,7 +2473,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LifeRay product: '' cves: @@ -2502,7 +2502,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LifeSize product: '' cves: @@ -2531,7 +2531,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lightbend product: '' cves: @@ -2560,7 +2560,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lime CRM product: '' cves: @@ -2589,7 +2589,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LIONGARD product: '' cves: @@ -2618,7 +2618,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LiquidFiles product: '' cves: @@ -2647,7 +2647,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LiveAction product: '' cves: @@ -2676,7 +2676,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Loftware product: '' cves: @@ -2705,7 +2705,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LOGalyze product: SIEM & log analyzer tool cves: @@ -2766,7 +2766,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LogicMonitor product: LogicMonitor Platform cves: @@ -2795,7 +2795,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LogMeIn product: '' cves: @@ -2824,7 +2824,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LogRhythm product: '' cves: @@ -2853,7 +2853,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Looker product: Looker cves: @@ -2888,7 +2888,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LucaNet product: '' cves: @@ -2917,7 +2917,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lucee product: '' cves: @@ -2946,7 +2946,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lyrasis product: Fedora Repository cves: diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index 987e2bb..b87271f 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Maltego product: '' cves: @@ -61,9 +61,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ManageEngine - product: Servicedesk Plus + product: AD SelfService Plus cves: cve-2021-4104: investigated: false @@ -72,10 +72,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '11305 and below' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Build 6.1 build 6114 cve-2021-45046: investigated: false affected_versions: [] @@ -86,14 +86,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.manageengine.com/products/service-desk/security-response-plan.html + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2021-12-27T00:00:00' - vendor: ManageEngine - product: AD SelfService Plus + product: Servicedesk Plus cves: cve-2021-4104: investigated: false @@ -102,10 +101,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 11305 and below fixed_versions: [] - unaffected_versions: - - 'Build 6.1 build 6114' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -116,11 +115,12 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.manageengine.com/products/service-desk/security-response-plan.html notes: '' references: - '' - last_updated: '2021-12-27T00:00:00' + last_updated: '2021-12-15T00:00:00' - vendor: ManageEngine Zoho product: '' cves: @@ -149,9 +149,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ManageEngine Zoho - product: ADManager Plus + product: ADAudit Plus cves: cve-2021-4104: investigated: false @@ -180,7 +180,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: ADAudit Plus + product: ADManager Plus cves: cve-2021-4104: investigated: false @@ -209,7 +209,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: DataSecurity Plus + product: Analytics Plus cves: cve-2021-4104: investigated: false @@ -238,7 +238,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: EventLog Analyzer + product: Cloud Security Plus cves: cve-2021-4104: investigated: false @@ -267,7 +267,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: M365 Manager Plus + product: DataSecurity Plus cves: cve-2021-4104: investigated: false @@ -296,7 +296,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: RecoveryManager Plus + product: EventLog Analyzer cves: cve-2021-4104: investigated: false @@ -412,7 +412,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: Cloud Security Plus + product: M365 Manager Plus cves: cve-2021-4104: investigated: false @@ -470,7 +470,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: Analytics Plus + product: RecoveryManager Plus cves: cve-2021-4104: investigated: false @@ -526,7 +526,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MathWorks product: All MathWorks general release desktop or server products cves: @@ -569,7 +569,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -598,7 +598,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.59.10+' + - 1.59.10+ unaffected_versions: [] cve-2021-45046: investigated: false @@ -644,7 +644,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Mattermost FocalBoard product: '' cves: @@ -673,7 +673,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: McAfee product: Data Exchange Layer (DXL) Client cves: @@ -927,7 +927,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: ePolicy Orchestrator Application Server (ePO) + product: Enterprise Security Manager (ESM) cves: cve-2021-4104: investigated: false @@ -938,7 +938,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '5.10 CU11' + - 11.5.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -985,7 +985,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Host Intrusion Prevention (Host IPS) + product: ePolicy Orchestrator Application Server (ePO) cves: cve-2021-4104: investigated: false @@ -993,9 +993,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 5.10 CU11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1007,13 +1008,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Management of Native Encryption (MNE) + product: Host Intrusion Prevention (Host IPS) cves: cve-2021-4104: investigated: false @@ -1041,7 +1043,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Active Response (MAR) + product: Management of Native Encryption (MNE) cves: cve-2021-4104: investigated: false @@ -1069,7 +1071,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Agent (MA) + product: McAfee Active Response (MAR) cves: cve-2021-4104: investigated: false @@ -1097,7 +1099,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Application and Change Control (MACC) for Linux + product: McAfee Agent (MA) cves: cve-2021-4104: investigated: false @@ -1125,7 +1127,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Application and Change Control (MACC) for Windows + product: McAfee Application and Change Control (MACC) for Linux cves: cve-2021-4104: investigated: false @@ -1153,7 +1155,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Client Proxy (MCP) for Mac + product: McAfee Application and Change Control (MACC) for Windows cves: cve-2021-4104: investigated: false @@ -1181,7 +1183,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Client Proxy (MCP) for Windows + product: McAfee Client Proxy (MCP) for Mac cves: cve-2021-4104: investigated: false @@ -1209,7 +1211,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Drive Encryption (MDE) + product: McAfee Client Proxy (MCP) for Windows cves: cve-2021-4104: investigated: false @@ -1237,7 +1239,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Security for Microsoft Exchange (MSME) + product: McAfee Drive Encryption (MDE) cves: cve-2021-4104: investigated: false @@ -1265,7 +1267,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Security for Microsoft SharePoint (MSMS) + product: McAfee Security for Microsoft Exchange (MSME) cves: cve-2021-4104: investigated: false @@ -1321,7 +1323,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Enterprise Security Manager (ESM) + product: McAfee Security for Microsoft SharePoint (MSMS) cves: cve-2021-4104: investigated: false @@ -1329,10 +1331,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '11.5.3' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1344,8 +1345,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + vendor_links: [] notes: '' references: - '' @@ -1549,7 +1549,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MEINBERG product: LANTIME and microSync cves: @@ -1607,7 +1607,7 @@ software: notes: Project is written in Python references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Memurai product: '' cves: @@ -1637,8 +1637,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Microsoft - product: Azure Application Gateway + - vendor: Micro Focus + product: Data Protector cves: cve-2021-4104: investigated: false @@ -1646,9 +1646,19 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '10.20' + - '10.30' + - '10.40' + - '10.50' + - '10.60' + - '10.70' + - '10.80' + - '10.90' + - '10.91' + - '11.00' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1661,11 +1671,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ + - https://portal.microfocus.com/s/article/KM000003052 notes: '' references: - - '' - last_updated: '2022-01-12T07:18:54+00:00' + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + last_updated: '2021-12-13T00:00:00' - vendor: Microsoft product: Azure API Gateway cves: @@ -1694,9 +1704,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft - product: Azure Data lake store java + product: Azure Application Gateway cves: cve-2021-4104: investigated: false @@ -1704,9 +1714,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '< 2.3.10' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1720,11 +1729,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 + - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft product: Azure Data lake store java cves: @@ -1736,7 +1745,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '< 2.3.10' + - < 2.3.10 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1754,9 +1763,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft - product: Azure DevOps Server + product: Azure Data lake store java cves: cve-2021-4104: investigated: false @@ -1766,7 +1775,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2019.0 - 2020.1' + - < 2.3.10 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1780,11 +1789,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 + - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft product: Azure DevOps cves: @@ -1813,9 +1822,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft - product: Azure Traffic Manager + product: Azure DevOps Server cves: cve-2021-4104: investigated: false @@ -1823,8 +1832,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2019.0 - 2020.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1838,13 +1848,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ + - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft - product: Team Foundation Server + product: Azure Traffic Manager cves: cve-2021-4104: investigated: false @@ -1852,9 +1862,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '2018.2+' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1868,13 +1877,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 + - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Microstrategy - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Team Foundation Server cves: cve-2021-4104: investigated: false @@ -1882,8 +1891,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2018.2+ fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1897,13 +1907,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-CVE-2021-44228-The-Log4j-0-Day-Vulnerability?language=en_US + - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Micro Focus - product: Data Protector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microstrategy + product: '' cves: cve-2021-4104: investigated: false @@ -1911,19 +1921,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '10.20' - - '10.30' - - '10.40' - - '10.50' - - '10.60' - - '10.70' - - '10.80' - - '10.90' - - '10.91' - - '11.00' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1936,11 +1936,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.microfocus.com/s/article/KM000003052 + - https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-CVE-2021-44228-The-Log4j-0-Day-Vulnerability?language=en_US notes: '' references: - - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' - last_updated: '2021-12-13T00:00:00' + - '' + last_updated: '2022-01-12T07:18:54+00:00' - vendor: Midori Global product: '' cves: @@ -1998,7 +1998,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Milestone sys product: '' cves: @@ -2027,7 +2027,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Mimecast product: '' cves: @@ -2056,7 +2056,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Minecraft product: '' cves: @@ -2085,7 +2085,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Mirantis product: '' cves: @@ -2114,7 +2114,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Miro product: '' cves: @@ -2143,7 +2143,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Mitel product: '' cves: @@ -2172,7 +2172,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MMM Group product: Control software of all MMM series cves: @@ -2260,7 +2260,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Atlas Search cves: @@ -2289,7 +2289,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators) @@ -2319,7 +2319,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Drivers cves: @@ -2348,7 +2348,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators) @@ -2378,7 +2378,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Realm (including Realm Database, Sync, Functions, APIs) cves: @@ -2407,7 +2407,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors) @@ -2437,7 +2437,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Moodle product: '' cves: @@ -2466,7 +2466,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MoogSoft product: '' cves: @@ -2495,7 +2495,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Motorola Avigilon product: '' cves: @@ -2538,7 +2538,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2551,7 +2551,9 @@ software: unaffected_versions: [] vendor_links: - https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability - notes: Moxa is investigating to determine if any of our products are affected by this vulnerability. At the time of publication, none of Moxa's products are affected. + notes: Moxa is investigating to determine if any of our products are affected + by this vulnerability. At the time of publication, none of Moxa's products are + affected. references: - '' last_updated: '2022-01-19T00:00:00' @@ -2584,9 +2586,9 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Mulesoft - product: Mule Runtime + product: Anypoint Studio cves: cve-2021-4104: investigated: false @@ -2596,8 +2598,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '3.x' - - '4.x' + - 7.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2618,7 +2619,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Mulesoft - product: Mule Agent + product: Cloudhub cves: cve-2021-4104: investigated: false @@ -2626,9 +2627,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '6.x' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2649,7 +2649,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Mulesoft - product: Cloudhub + product: Mule Agent cves: cve-2021-4104: investigated: false @@ -2657,8 +2657,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 6.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2679,7 +2680,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Mulesoft - product: Anypoint Studio + product: Mule Runtime cves: cve-2021-4104: investigated: false @@ -2689,7 +2690,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - '7.x' + - 3.x + - 4.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: diff --git a/data/cisagov_N.yml b/data/cisagov_N.yml index 3ce3b55..596c681 100644 --- a/data/cisagov_N.yml +++ b/data/cisagov_N.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nagios product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: NAKIVO product: '' cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: National Instruments product: OptimalPlus cves: @@ -102,9 +102,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'Vertica' - - 'Cloudera' - - 'Logstash' + - Vertica + - Cloudera + - Logstash fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -136,7 +136,7 @@ software: investigated: true affected_versions: - '>4.2' - - '<4..2.12' + - <4..2.12 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -182,7 +182,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Netcup product: '' cves: @@ -211,7 +211,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: NetGate PFSense product: '' cves: @@ -240,7 +240,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Netwrix product: '' cves: @@ -269,7 +269,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: New Relic product: Containerized Private Minion (CPM) cves: @@ -282,7 +282,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '3.0.57' + - 3.0.57 unaffected_versions: [] cve-2021-45046: investigated: false @@ -312,7 +312,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '<7.4.3' + - <7.4.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -360,7 +360,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nextflow product: Nextflow cves: @@ -374,7 +374,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '21.04.0.5552' + - 21.04.0.5552 cve-2021-45046: investigated: false affected_versions: [] @@ -448,7 +448,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: NinjaRMM product: '' cves: @@ -478,7 +478,7 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nomachine product: '' cves: @@ -507,7 +507,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: NoviFlow product: '' cves: @@ -536,7 +536,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nulab product: Backlog cves: @@ -566,7 +566,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nulab product: Backlog Enterprise (On-premises) cves: @@ -596,7 +596,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nulab product: Cacoo cves: @@ -626,7 +626,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nulab product: Cacoo Enterprise (On-premises) cves: @@ -656,7 +656,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nulab product: Typetalk cves: @@ -686,7 +686,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nutanix product: AHV cves: @@ -1343,7 +1343,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: Leap + product: LCM cves: cve-2021-4104: investigated: false @@ -1351,10 +1351,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1367,12 +1368,12 @@ software: unaffected_versions: [] vendor_links: - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: LCM + product: Leap cves: cve-2021-4104: investigated: false @@ -1380,11 +1381,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1397,7 +1397,7 @@ software: unaffected_versions: [] vendor_links: - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: '' + notes: Saas-Based Procuct. See Advisory. references: - '' last_updated: '2021-12-20T00:00:00' @@ -1758,7 +1758,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: NXLog product: '' cves: @@ -1787,5 +1787,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_O.yml b/data/cisagov_O.yml index 4751f7c..bf866b1 100644 --- a/data/cisagov_O.yml +++ b/data/cisagov_O.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OCLC product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Octopus product: '' cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Okta product: Advanced Server Access cves: @@ -295,7 +295,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: Okta - product: Okta RADIUS Server Agent + product: Okta On-Prem MFA Agent cves: cve-2021-4104: investigated: false @@ -305,7 +305,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 2.17.0 + - < 1.4.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -319,13 +319,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228 + - https://trust.okta.com/security-advisories/okta-on-prem-mfa-agent-cve-2021-44228 notes: '' references: - '' last_updated: '2021-12-12T00:00:00' - vendor: Okta - product: Okta Verify + product: Okta RADIUS Server Agent cves: cve-2021-4104: investigated: false @@ -333,8 +333,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - < 2.17.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -348,13 +349,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228 notes: '' references: - '' last_updated: '2021-12-12T00:00:00' - vendor: Okta - product: Okta Workflows + product: Okta Verify cves: cve-2021-4104: investigated: false @@ -383,7 +384,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: Okta - product: Okta On-Prem MFA Agent + product: Okta Workflows cves: cve-2021-4104: investigated: false @@ -391,9 +392,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 1.4.6 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -407,7 +407,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://trust.okta.com/security-advisories/okta-on-prem-mfa-agent-cve-2021-44228 + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' @@ -440,7 +440,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Opengear product: '' cves: @@ -469,7 +469,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OpenMRS TALK product: '' cves: @@ -498,7 +498,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OpenNMS product: '' cves: @@ -527,7 +527,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OpenSearch product: '' cves: @@ -556,7 +556,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OpenText product: '' cves: @@ -587,7 +587,7 @@ software: - '' last_updated: '2021-12-23T00:00:00' - vendor: Opto 22 - product: GRV-EPIC-PR1, GRV-EPIC-PR2 + product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP cves: cve-2021-4104: investigated: false @@ -597,9 +597,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 3.3.2 + - < 4.3g fixed_versions: - - 3.3.2 + - 4.3g unaffected_versions: [] cve-2021-45046: investigated: false @@ -618,7 +618,7 @@ software: - '' last_updated: '2022-01-13T00:00:00' - vendor: Opto 22 - product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP + product: GROOV-AT1, GROOV-AT1-SNAP cves: cve-2021-4104: investigated: false @@ -649,7 +649,7 @@ software: - '' last_updated: '2022-01-13T00:00:00' - vendor: Opto 22 - product: GROOV-AT1, GROOV-AT1-SNAP + product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP cves: cve-2021-4104: investigated: false @@ -680,7 +680,7 @@ software: - '' last_updated: '2022-01-13T00:00:00' - vendor: Opto 22 - product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP + product: GRV-EPIC-PR1, GRV-EPIC-PR2 cves: cve-2021-4104: investigated: false @@ -690,9 +690,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 4.3g + - < 3.3.2 fixed_versions: - - 4.3g + - 3.3.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -741,7 +741,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Oracle - product: Exadata + product: Enterprise Manager cves: cve-2021-4104: investigated: false @@ -751,7 +751,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - <21.3.4 + - '13.5' + - 13.4 & 13.3.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -773,7 +774,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Oracle - product: Enterprise Manager + product: Exadata cves: cve-2021-4104: investigated: false @@ -783,8 +784,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '13.5' - - 13.4 & 13.3.2 + - <21.3.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -833,7 +833,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Osirium product: PAM cves: @@ -862,7 +862,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Osirium product: PEM cves: @@ -891,7 +891,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Osirium product: PPA cves: @@ -920,7 +920,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OTRS product: '' cves: @@ -949,7 +949,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OVHCloud product: '' cves: @@ -978,7 +978,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OwnCloud product: '' cves: @@ -1007,7 +1007,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OxygenXML product: Author cves: diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 4dbb587..c0bd941 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -36,4 +36,2752 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: Palantir + product: Palantir AI Inference Platform (AIP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: Fully remediated as of 1.97.0. Disconnected customer instances may require + manual updates. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Apollo + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact, and updates have been deployed for full remediation. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Foundry + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact to Palantir-hosted or Apollo-connected instances, and updates + have been deployed for full remediation. Disconnected customer instances may + require manual updates. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Gotham + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact to Palantir-hosted or Apollo-connected instances, and updates + have been deployed for full remediation. Disconnected customer instances may + require manual updates. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palo-Alto Networks + product: Bridgecrew + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: CloudGenix + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex Data Lake + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex XDR Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex Xpanse + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex XSOAR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Expedition + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: GlobalProtect App + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: IoT Security + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Okyo Grade + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Palo-Alto Networks-OS for Firewall and Wildfire + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Palo-Alto Networks-OS for Panorama + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '9.0' + - '9.1' + - '10.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will + be updated when hot fixes for the affected Panorama versions are available. + PAN-OS for Panorama versions 8.1, 10.1 are not affected. + last_updated: '2021-12-15T00:00:00' + - vendor: Palo-Alto Networks + product: Prisma Access + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Prisma Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Prisma Cloud Compute + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: SaaS Security + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: User-ID Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: WildFire Appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: WildFire Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Panopto + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.panopto.com/s/article/Panopto-Statement-on-the-Log4j2-Zero-Day-Vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PaperCut + product: PaperCut MF + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 21.0 and later + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/support/known-issues/?id=PO-684#ng + notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted + by this. Workaround manual steps available in reference. Upgrade to PaperCut + NG/MF version 21.2.3 Now Available to resolve. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut NG + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 21.0 and later + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/support/known-issues/?id=PO-684#ng + notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted + by this. Workaround manual steps available in reference. Upgrade to PaperCut + NG/MF version 21.2.3 Now Available to resolve. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Parallels + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.parallels.com/en/128696 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Parse.ly + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.parse.ly/parse-ly-log4shell/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PBXMonitor + product: RMM for 3CX PBX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pbxmonitor.net/changelog.php + notes: Mirror Servers were also checked to ensure Log4J was not installed or being + used by any of our systems. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Pega + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pentaho + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho- + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pepperl+Fuchs + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pepperl-fuchs.com/global/en/29079.htm + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Percona + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.percona.com/blog/log4jshell-vulnerability-update/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Phenix Id + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.phenixid.se/uncategorized/log4j-fix/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Philips + product: Multiple products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PHOENIX CONTACT + product: Cloud Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + notes: Partly affected. Remediations are being implemented. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: PHOENIX CONTACT + product: Physical products containing firmware + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: PHOENIX CONTACT + product: Software Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Ping Identity + product: PingAccess + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 4.0 <= version <= 6.3.2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingCentral + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 8.0 <= version <= 10.3.4 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate Java Integration Kit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 2.7.2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate OAuth Playground + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 4.3.1 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingIntelligence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pitney Bowes + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pitneybowes.com/us/support/apache-log4j-vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Planmeca + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.planmeca.com/apache-log4j-vulnerability-in-planmeca-products/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Planon Software + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.planonsoftware.com/uk/news/log4j-impact-on-planon/ + notes: This advisory is available for customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Platform.SH + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://platform.sh/blog/2021/platformsh-protects-from-apache-log4j/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Plesk + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Plex + product: Plex Industrial IoT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: The product has been updated to Log4j version 2.15. An additional patch + is being developed to update to 2.16. No user interaction is required. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Polycom + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Portainer + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.portainer.io/blog/portainer-statement-re-log4j-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PortSwigger + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.portswigger.net/thread/are-burp-collaborator-or-burp-enterprise-vulnerable-to-log4j-dc6524e0 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PostGreSQL + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.postgresql.org/about/news/postgresql-jdbc-and-the-log4j-cve-2371/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Postman + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.postman.com/hc/en-us/articles/4415791933335-Is-Postman-impacted-by-the-Log4j-vulnerability-CVE-2021-44228- + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Power Admin LLC + product: PA File Sight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - NONE + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Power Admin LLC + product: PA Server Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - NONE + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Power Admin LLC + product: PA Storage Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - NONE + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Pretix + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://pretix.eu/about/de/blog/20211213-log4j/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PrimeKey + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Progress / IpSwitch + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.progress.com/security + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ProofPoint + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2 + notes: This advisory is available for customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ProSeS + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proses.de/en/2021/12/16/log4shell-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Prosys + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://prosysopc.com/news/important-security-release/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Proxmox + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PRTG Paessler + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTC + product: Axeda Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 6.9.2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingsWorx Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '8.5' + - '9.0' + - '9.1' + - '9.2' + - All supported versions + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingsWorx Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '8.5' + - '9.0' + - '9.1' + - '9.2' + - All supported versions + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTV Group + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Connect Secure (ICS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for secure Access + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for secure Access + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for ZTA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for ZTA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Connect Secure + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Desktop Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Mobile Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse One + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Policy Secure + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Secure Services Director + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Secure Virtual Traffic Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Secure Web Application Firewall + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse ZTA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Puppet + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pure Storage + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22) + notes: This advisory is available for customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pure Storage + product: Cloud Blockstore + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - CBS6.1.x + - CBS6.2.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: Patch expected 12/27/2021 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: Flash Array + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 5.3.x + - 6.0.x + - 6.1.x + - 6.2.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: Patch expected 12/20/2021 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: FlashBlade + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 3.1.x + - 3.2.x + - 3.3.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: Patch expected 12/24/2021 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: PortWorx + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2.8.0+ + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: Pure1 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - N/A + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pyramid Analytics + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_Q.yml b/data/cisagov_Q.yml index d877f90..7062f16 100644 --- a/data/cisagov_Q.yml +++ b/data/cisagov_Q.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Qlik product: '' cves: @@ -61,9 +61,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: QMATIC - product: Orchestra Central + product: Appointment Booking cves: cve-2021-4104: investigated: false @@ -72,10 +72,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.4+ fixed_versions: [] - unaffected_versions: - - 6.0+ + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -88,7 +88,7 @@ software: unaffected_versions: [] vendor_links: - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: '' + notes: Update to v. 2.8.2 which contains log4j 2.16 references: - '' last_updated: '2021-12-21T00:00:00' @@ -103,7 +103,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2.4+ + - Cloud/Managed Service fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -118,7 +118,7 @@ software: unaffected_versions: [] vendor_links: - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: Update to v. 2.8.2 which contains log4j 2.16 + notes: log4j 2.16 applied 2021-12-15 references: - '' last_updated: '2021-12-21T00:00:00' @@ -153,7 +153,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: QMATIC - product: Appointment Booking + product: Orchestra Central cves: cve-2021-4104: investigated: false @@ -162,10 +162,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Cloud/Managed Service + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 6.0+ cve-2021-45046: investigated: false affected_versions: [] @@ -178,7 +178,7 @@ software: unaffected_versions: [] vendor_links: - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: log4j 2.16 applied 2021-12-15 + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -210,7 +210,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: QOPPA product: '' cves: @@ -239,7 +239,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: QSC Q-SYS product: '' cves: @@ -268,7 +268,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: QT product: '' cves: @@ -297,7 +297,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Quest Global product: '' cves: @@ -326,5 +326,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_R.yml b/data/cisagov_R.yml index a8df413..ab52902 100644 --- a/data/cisagov_R.yml +++ b/data/cisagov_R.yml @@ -4,6 +4,2861 @@ owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: + - vendor: R + product: R + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 4.1.1 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.r-project.org/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: R2ediviewer + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://r2ediviewer.de/DE/reload.html?Change-log_17858584.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Radware + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.radware.com/app/answers/answer_view/a_id/1029752 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rapid7 + product: AlcidekArt, kAdvisor, and kAudit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: AppSpider Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: AppSpider Pro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Insight Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightAppSec Scan Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightAppSec Scan Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightCloudSec/DivvyCloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightConnect Orchestrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightIDR Network Sensor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightIDR/InsightOps Collector & Event Sources + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps DataHub + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - InsightOps DataHub <= 2.0 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Upgrade [DataHub to version 2.0.1](https://rep.logentries.com/datahub/DataHub_2.0.1.deb) + using the [following instructions](https://docs.rapid7.com/insightops/setting-up-datahub/). + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps non-Java logging libraries + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps r7insight_java logging library + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - <=3.0.8 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Upgrade [r7insight_java](https://github.com/rapid7/r7insight_java) to 3.0.9 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM Kubernetes Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” + packaged in them. This is a different library than log4j-core and is not vulnerable + to Log4Shell. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” + packaged in them. This is a different library than log4j-core and is not vulnerable + to Log4Shell. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: IntSights virtual appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Logentries DataHub + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Linux version <= 1.2.0.820; Windows version <= 1.2.0.820 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: 'Linux: Install DataHub_1.2.0.822.deb using the following [instructions](https://docs.logentries.com/docs/datahub-linux). + Windows: Run version 1.2.0.822 in a Docker container or as a Java command per + these [instructions](https://docs.logentries.com/docs/datahub-windows). You + can find more details [here](https://docs.logentries.com/docs/datahub-linux).' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Logentries le_java logging library + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'All versions: this is a deprecated component' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Migrate to version 3.0.9 of [r7insight_java](https://github.com/rapid7/r7insight_java) + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Metasploit Framework + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Metasploit Pro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Metasploit Pro ships with log4j but has specific configurations applied + to it that mitigate Log4Shell. A future update will contain a fully patched + version of log4j. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: tCell Java Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Velociraptor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Raritan + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.raritan.com/support + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ravelin + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://syslog.ravelin.com/log4shell-cve-2021-44228-4338bb8da67b + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Real-Time Innovations (RTI) + product: Distributed Logger + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: Recording Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Administration Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Code Generator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Code Generator Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Micro Application Generator (MAG) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - as part of RTI Connext Micro 3.0.0 + - 3.0.1 + - 3.0.2 + - 3.0.3 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Micro Application Generator (MAG) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - as part of RTI Connext Professional 6.0.0 and 6.0.1 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Red Hat + product: log4j-core + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Integration Camel K + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5130](https://access.redhat.com/errata/RHSA-2021:5130)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat build of Quarkus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat CodeReady Studio + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 12.21.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[CRS 12.21.1 Patch](https://developers.redhat.com/products/codeready-studio/download?source=sso)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Data Grid + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '8' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5132](http://access.redhat.com/errata/RHSA-2021:5132)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Decision Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '7' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '6' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '7' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '8' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Integration Camel Quarkus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5126](https://access.redhat.com/errata/RHSA-2021:5126)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss A-MQ Streaming + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5138](https://access.redhat.com/errata/RHSA-2021:5138)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Enterprise Application Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.4)\ + \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ + \ affected." + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Enterprise Application Platform Expansion Pack + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '7' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Fuse + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5134](https://access.redhat.com/errata/RHSA-2021:5134)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Process Automation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=103671&product=rhpam&version=7.11.1&downloadType=patches)\ + \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ + \ affected." + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Single Sign-On + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '7' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Vert.X + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '4' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5093](https://access.redhat.com/errata/RHSA-2021:5093)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Satellite 5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Spacewalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 3.11 + product: openshift3/ose-logging-elasticsearch5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5094](http://access.redhat.com/errata/RHSA-2021:5094)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-logging-elasticsearch6 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-metering-hive + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-metering-presto + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Logging + product: logging-elasticsearch6-container + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenStack Platform 13 (Queens) + product: opendaylight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: End of Life + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-java-common-log4j + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-maven35-log4j12 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-maven36-log4j12 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red5Pro + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RedGate + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.red-gate.com/privacy-and-security/vulnerabilities/2021-12-15-log4j-statement + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Redis + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://redis.com/security/notice-apache-log4j2-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Reiner SCT + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.reiner-sct.com/index.php?/topic/5973-timecard-und-log4j-schwachstelle/&do=findComment&comment=14933 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ReportURI + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://scotthelme.co.uk/responding-to-the-log4j-2-vulnerability/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ResMed + product: AirView + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.resmed.com/en-us/security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: ResMed + product: myAir + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.resmed.com/en-us/security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Respondus + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.respondus.com/support/index.php?/News/NewsItem/View/339 + notes: This advisory is available to customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Revenera / Flexera + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ricoh + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ricoh.com/info/2021/1215_1/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RingCentral + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ringcentral.com/trust-center/security-bulletin.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Riverbed + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://supportkb.riverbed.com/support/index?page=content&id=S35645 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rockwell Automation + product: FactoryTalk Analytics DataFlowML + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 4.00.00 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: FactoryTalk Analytics DataView + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 3.03.00 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: Industrial Data Center + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Gen 1 + - Gen 2 + - Gen 3 + - Gen 3.5 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: MES EIG + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 3.03.00 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: Customers should upgrade to EIG Hub if possible or work with their local + representatives about alternative solutions. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: VersaVirtual + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Series A + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: Warehouse Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 4.01.00 + - 4.02.00 + - 4.02.01 + - 4.02.02 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rollbar + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rollbar.com/blog/log4j-zero-day-2021-log4shell/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rosette.com + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.rosette.com/hc/en-us/articles/4416216525965-Log4j-Vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager Prime + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager WebTier + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Governance and Lifecycle + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Governance and Lifecycle Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Identity Router + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA Netwitness + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rsa.com/t5/netwitness-platform-product/netwitness-apache-vulnerability-log4j2-cve-2021-44228-nbsp/ta-p/660540 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rstudioapi + product: Rstudioapi + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '0.13' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/rstudio/rstudioapi + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Rubrik + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK + notes: This advisory is available to customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ruckus + product: Virtual SmartZone (vSZ) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 5.1 to 6.0 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ruckuswireless.com/security_bulletins/313 + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: RunDeck by PagerDuty + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.rundeck.com/docs/history/CVEs/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Runecast product: Runecast Analyzer cves: @@ -33,5 +2888,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index 7fc98d8..8959d90 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SAFE FME Server product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SAGE product: '' cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SailPoint product: '' cves: @@ -120,7 +120,7 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Salesforce product: Analytics Cloud cves: @@ -778,7 +778,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Samsung Electronics America - product: Knox Reseller Portal + product: Knox Admin Portal cves: cve-2021-4104: investigated: false @@ -788,15 +788,15 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 'Cloud' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: true affected_versions: [] - fixed_versions: - - 'Cloud' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] @@ -809,7 +809,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Manage + product: Knox Asset Intelligence cves: cve-2021-4104: investigated: false @@ -819,15 +819,15 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 'Cloud' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: true affected_versions: [] - fixed_versions: - - 'Cloud' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] @@ -840,7 +840,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Admin Portal + product: Knox Configure cves: cve-2021-4104: investigated: false @@ -852,13 +852,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -871,7 +871,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Mobile Enrollment + product: Knox E-FOTA One cves: cve-2021-4104: investigated: false @@ -883,13 +883,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -902,7 +902,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Configure + product: Knox Guard cves: cve-2021-4104: investigated: false @@ -914,13 +914,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -933,7 +933,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Asset Intelligence + product: Knox License Management cves: cve-2021-4104: investigated: false @@ -945,13 +945,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -964,7 +964,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox E-FOTA One + product: Knox Manage cves: cve-2021-4104: investigated: false @@ -974,15 +974,15 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] @@ -1007,13 +1007,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -1026,7 +1026,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Guard + product: Knox Mobile Enrollment cves: cve-2021-4104: investigated: false @@ -1038,13 +1038,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -1057,7 +1057,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox License Management + product: Knox Reseller Portal cves: cve-2021-4104: investigated: false @@ -1067,15 +1067,15 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] @@ -1115,7 +1115,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SAP product: '' cves: @@ -1234,7 +1234,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SASSAFRAS product: '' cves: @@ -1263,7 +1263,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Savignano software solutions product: '' cves: @@ -1292,7 +1292,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SBT product: SBT cves: @@ -1352,7 +1352,7 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ScaleFusion MobileLock Pro product: '' cves: @@ -1381,9 +1381,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Schneider Electric - product: EcoStruxure IT Gateway + product: EASYFIT cves: cve-2021-4104: investigated: false @@ -1392,9 +1392,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - V1.5.0 to V1.13.0 + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1407,13 +1407,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ecostruxureit.com/download-and-set-upecostruxureit-gateway/ + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: EcoStruxure IT Expert + product: Ecoreal XL cves: cve-2021-4104: investigated: false @@ -1422,9 +1422,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - Cloud + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1436,13 +1436,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: Facility Expert Small Business + product: EcoStruxure IT Expert cves: cve-2021-4104: investigated: false @@ -1465,14 +1466,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + vendor_links: [] notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: Wiser by SE platform + product: EcoStruxure IT Gateway cves: cve-2021-4104: investigated: false @@ -1483,7 +1483,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Cloud + - V1.5.0 to V1.13.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1495,13 +1495,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://ecostruxureit.com/download-and-set-upecostruxureit-gateway/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: EASYFIT + product: Eurotherm Data Reviewer cves: cve-2021-4104: investigated: false @@ -1511,7 +1512,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - V3.0.2 and prior fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1531,7 +1532,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: Ecoreal XL + product: Facility Expert Small Business cves: cve-2021-4104: investigated: false @@ -1540,9 +1541,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Current software and earlier - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -1561,7 +1562,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: Eurotherm Data Reviewer + product: MSE cves: cve-2021-4104: investigated: false @@ -1571,7 +1572,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - V3.0.2 and prior + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1591,7 +1592,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: MSE + product: NetBotz750/755 cves: cve-2021-4104: investigated: false @@ -1601,7 +1602,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - Software versions 5.0 through 5.3.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1621,7 +1622,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: NetBotz750/755 + product: NEW630 cves: cve-2021-4104: investigated: false @@ -1631,7 +1632,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Software versions 5.0 through 5.3.0 + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1651,7 +1652,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: NEW630 + product: SDK BOM cves: cve-2021-4104: investigated: false @@ -1681,7 +1682,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SDK BOM + product: SDK-Docgen cves: cve-2021-4104: investigated: false @@ -1711,7 +1712,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SDK-Docgen + product: SDK-TNC cves: cve-2021-4104: investigated: false @@ -1741,7 +1742,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SDK-TNC + product: SDK-UMS cves: cve-2021-4104: investigated: false @@ -1771,7 +1772,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SDK-UMS + product: SDK3D2DRenderer cves: cve-2021-4104: investigated: false @@ -1801,7 +1802,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SDK3D2DRenderer + product: SDK3D360Widget cves: cve-2021-4104: investigated: false @@ -1831,7 +1832,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SDK3D360Widget + product: Select and Config DATA cves: cve-2021-4104: investigated: false @@ -1861,7 +1862,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: Select and Config DATA + product: SNC-API cves: cve-2021-4104: investigated: false @@ -1891,7 +1892,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SNC-API + product: SNC-CMM cves: cve-2021-4104: investigated: false @@ -1921,7 +1922,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SNC-CMM + product: SNCSEMTECH cves: cve-2021-4104: investigated: false @@ -1951,7 +1952,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SNCSEMTECH + product: SPIMV3 cves: cve-2021-4104: investigated: false @@ -1981,7 +1982,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SPIMV3 + product: SWBEditor cves: cve-2021-4104: investigated: false @@ -2011,7 +2012,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SWBEditor + product: SWBEngine cves: cve-2021-4104: investigated: false @@ -2041,7 +2042,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SWBEngine + product: Wiser by SE platform cves: cve-2021-4104: investigated: false @@ -2050,9 +2051,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Current software and earlier - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -2064,8 +2065,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + vendor_links: [] notes: '' references: - '' @@ -2127,7 +2127,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ScreenBeam product: '' cves: @@ -2156,7 +2156,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SDL worldServer product: '' cves: @@ -2185,7 +2185,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Seagull Scientific product: '' cves: @@ -2214,7 +2214,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SecurePoint product: '' cves: @@ -2243,7 +2243,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Security Onion product: '' cves: @@ -2272,9 +2272,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Securonix - product: SNYPR Application + product: Extended Detection and Response (XDR) cves: cve-2021-4104: investigated: false @@ -2282,8 +2282,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2297,8 +2298,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-OnPrem-Customer-Update.pdf - notes: '' + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 references: - '' last_updated: '2021-12-10T00:00:00' @@ -2333,7 +2334,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: Securonix - product: User and Entity Behavior Analytics(UEBA) + product: Security Analytics and Operations Platform (SOAR) cves: cve-2021-4104: investigated: false @@ -2363,7 +2364,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: Securonix - product: Security Analytics and Operations Platform (SOAR) + product: SNYPR Application cves: cve-2021-4104: investigated: false @@ -2371,9 +2372,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2387,13 +2387,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-OnPrem-Customer-Update.pdf + notes: '' references: - '' last_updated: '2021-12-10T00:00:00' - vendor: Securonix - product: Extended Detection and Response (XDR) + product: User and Entity Behavior Analytics(UEBA) cves: cve-2021-4104: investigated: false @@ -2451,7 +2451,7 @@ software: by CISA. references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SentinelOne product: '' cves: @@ -2480,7 +2480,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sentry product: '' cves: @@ -2509,7 +2509,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SEP product: '' cves: @@ -2538,7 +2538,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Server Eye product: '' cves: @@ -2567,7 +2567,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ServiceNow product: '' cves: @@ -2596,7 +2596,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Shibboleth product: '' cves: @@ -2625,7 +2625,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Shibboleth product: All Products cves: @@ -2685,7 +2685,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Siebel product: '' cves: @@ -2714,7 +2714,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Siemens product: Affected Products cves: @@ -2928,7 +2928,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: DICOM Proxy VB10A + product: Cios Flow S1 / Alpha / Spin VA30 cves: cve-2021-4104: investigated: false @@ -2952,12 +2952,12 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + notes: evaluation ongoing references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Somatom Scope Som5 VC50 + product: Cios Select FD/I.I. VA21 / VA21-S3P cves: cve-2021-4104: investigated: false @@ -2986,7 +2986,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Somatom Emotion Som5 VC50 + product: DICOM Proxy VB10A cves: cve-2021-4104: investigated: false @@ -3010,7 +3010,7 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' last_updated: '2021-12-22T00:00:00' @@ -3568,7 +3568,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A + product: SENSIS DMCC / DMCM / TS / VM / PPWS / DS VD12A cves: cve-2021-4104: investigated: false @@ -3592,12 +3592,12 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + notes: evaluation ongoing references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Syngo MobileViewer VA10A + product: Somatom Emotion Som5 VC50 cves: cve-2021-4104: investigated: false @@ -3621,13 +3621,12 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: The vulnerability will be patch/mitigated in upcoming releases\patches. + notes: evaluation ongoing references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 - / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 + product: Somatom Scope Som5 VC50 cves: cve-2021-4104: investigated: false @@ -3651,13 +3650,12 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + notes: evaluation ongoing references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 - - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 + product: Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A cves: cve-2021-4104: investigated: false @@ -3681,15 +3679,12 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: Please contact your Customer Service to get support on mitigating the vulnerability. + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 - - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B - / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 - / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 + product: Syngo MobileViewer VA10A cves: cve-2021-4104: investigated: false @@ -3713,12 +3708,13 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + notes: The vulnerability will be patch/mitigated in upcoming releases\patches. references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: SENSIS DMCC / DMCM / TS / VM / PPWS / DS VD12A + product: syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 + / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 cves: cve-2021-4104: investigated: false @@ -3742,12 +3738,13 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Cios Select FD/I.I. VA21 / VA21-S3P + product: syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 + - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 cves: cve-2021-4104: investigated: false @@ -3771,12 +3768,15 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + notes: Please contact your Customer Service to get support on mitigating the vulnerability. references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Cios Flow S1 / Alpha / Spin VA30 + product: syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 + - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B + / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 + / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 cves: cve-2021-4104: investigated: false @@ -3800,7 +3800,7 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' last_updated: '2021-12-22T00:00:00' @@ -3921,9 +3921,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sierra Wireless - product: AM/AMM servers + product: AirVantage and Octave cloud platforms cves: cve-2021-4104: investigated: false @@ -3947,12 +3947,13 @@ software: unaffected_versions: [] vendor_links: - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs - notes: '' + notes: These systems do not operate with the specific non-standard configuration + required for CVE-2021-25046 and hence were not vulnerable to it. references: - '' last_updated: '2022-01-05T00:00:00' - vendor: Sierra Wireless - product: AirVantage and Octave cloud platforms + product: AM/AMM servers cves: cve-2021-4104: investigated: false @@ -3976,8 +3977,7 @@ software: unaffected_versions: [] vendor_links: - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs - notes: These systems do not operate with the specific non-standard configuration - required for CVE-2021-25046 and hence were not vulnerable to it. + notes: '' references: - '' last_updated: '2022-01-05T00:00:00' @@ -4009,7 +4009,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Silver Peak product: Orchestrator, Silver Peak GMS cves: @@ -4071,7 +4071,7 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SISCO product: '' cves: @@ -4129,7 +4129,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Skillable product: '' cves: @@ -4158,7 +4158,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SLF4J product: '' cves: @@ -4187,7 +4187,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Slurm product: Slurm cves: @@ -4275,7 +4275,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SmileCDR product: '' cves: @@ -4304,9 +4304,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Snakemake - product: Snakemake + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sn0m + product: '' cves: cve-2021-4104: investigated: false @@ -4314,11 +4314,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 6.12.1 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4330,13 +4329,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://snakemake.readthedocs.io/en/stable/ + - https://www.snom.com/en/press/log4j-poses-no-threat-snom-phones/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Sn0m - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Snakemake + product: Snakemake cves: cve-2021-4104: investigated: false @@ -4344,10 +4343,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 6.12.1 cve-2021-45046: investigated: false affected_versions: [] @@ -4359,11 +4359,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.snom.com/en/press/log4j-poses-no-threat-snom-phones/ + - https://snakemake.readthedocs.io/en/stable/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Snow Software product: Snow Commander cves: @@ -4393,7 +4393,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Snow Software product: VM Access Proxy cves: @@ -4423,7 +4423,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Snowflake product: '' cves: @@ -4452,7 +4452,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Snyk product: Cloud Platform cves: @@ -4481,7 +4481,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Software AG product: '' cves: @@ -4510,7 +4510,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SolarWinds product: Database Performance Analyzer (DPA) cves: @@ -4631,7 +4631,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sonatype product: All Products cves: @@ -4667,7 +4667,7 @@ software: - '' last_updated: '2021-12-29T00:00:00' - vendor: SonicWall - product: Capture Client & Capture Client Portal + product: Access Points cves: cve-2021-4104: investigated: false @@ -4691,12 +4691,12 @@ software: unaffected_versions: [] vendor_links: - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the Capture Client. + notes: Log4j2 not used in the SonicWall Access Points references: - '' last_updated: '2021-12-12T00:00:00' - vendor: SonicWall - product: Access Points + product: Analytics cves: cve-2021-4104: investigated: false @@ -4720,12 +4720,12 @@ software: unaffected_versions: [] vendor_links: - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the SonicWall Access Points + notes: Under Review references: - '' last_updated: '2021-12-12T00:00:00' - vendor: SonicWall - product: Analytics + product: Analyzer cves: cve-2021-4104: investigated: false @@ -4754,7 +4754,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: SonicWall - product: Analyzer + product: Capture Client & Capture Client Portal cves: cve-2021-4104: investigated: false @@ -4778,7 +4778,7 @@ software: unaffected_versions: [] vendor_links: - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + notes: Log4j2 not used in the Capture Client. references: - '' last_updated: '2021-12-12T00:00:00' @@ -5573,9 +5573,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Spacelabs Healthcare - product: XprezzNet + product: ABP cves: cve-2021-4104: investigated: false @@ -5587,7 +5587,9 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '96190' + - OnTrak + - 90217A + - and 90207 cve-2021-45046: investigated: false affected_versions: [] @@ -5605,7 +5607,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Intesys Clinical Suite (ICS) + product: CardioExpress cves: cve-2021-4104: investigated: false @@ -5613,10 +5615,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - SL6A + - SL12A + - and SL18A cve-2021-45046: investigated: false affected_versions: [] @@ -5634,7 +5639,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Intesys Clinical Suite (ICS) Clinical Access Workstations + product: DM3 and DM4 Monitors cves: cve-2021-4104: investigated: false @@ -5663,7 +5668,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Xhibit Telemetry Receiver (XTR) + product: Eclipse Pro cves: cve-2021-4104: investigated: false @@ -5671,11 +5676,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '96280' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5693,7 +5697,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Xhibit, XC4 + product: EVO cves: cve-2021-4104: investigated: false @@ -5701,12 +5705,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Xhibit 96102 - - XC4 96501 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5724,7 +5726,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Xprezzon + product: Intesys Clinical Suite (ICS) cves: cve-2021-4104: investigated: false @@ -5732,11 +5734,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91393' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5754,7 +5755,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Qube + product: Intesys Clinical Suite (ICS) Clinical Access Workstations cves: cve-2021-4104: investigated: false @@ -5762,11 +5763,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91390' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5784,7 +5784,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Qube Mini + product: Lifescreen Pro cves: cve-2021-4104: investigated: false @@ -5792,11 +5792,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91389' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5814,7 +5813,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Ultraview SL + product: Pathfinder SL cves: cve-2021-4104: investigated: false @@ -5822,14 +5821,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91367' - - '91369' - - '91370' - - and 91387 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5847,7 +5842,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: DM3 and DM4 Monitors + product: Qube cves: cve-2021-4104: investigated: false @@ -5855,10 +5850,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91390' cve-2021-45046: investigated: false affected_versions: [] @@ -5876,7 +5872,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Sentinel + product: Qube Mini cves: cve-2021-4104: investigated: false @@ -5884,10 +5880,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91389' cve-2021-45046: investigated: false affected_versions: [] @@ -5905,7 +5902,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Pathfinder SL + product: SafeNSound cves: cve-2021-4104: investigated: false @@ -5913,9 +5910,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5929,12 +5927,12 @@ software: unaffected_versions: [] vendor_links: - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: '' + notes: Version >4.3.1 - Not Affected references: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Lifescreen Pro + product: Sentinel cves: cve-2021-4104: investigated: false @@ -5963,7 +5961,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: EVO + product: Spacelabs Cloud cves: cve-2021-4104: investigated: false @@ -5992,7 +5990,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Eclipse Pro + product: Ultraview SL cves: cve-2021-4104: investigated: false @@ -6000,10 +5998,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91367' + - '91369' + - '91370' + - and 91387 cve-2021-45046: investigated: false affected_versions: [] @@ -6021,7 +6023,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: CardioExpress + product: Xhibit Telemetry Receiver (XTR) cves: cve-2021-4104: investigated: false @@ -6033,9 +6035,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - SL6A - - SL12A - - and SL18A + - '96280' cve-2021-45046: investigated: false affected_versions: [] @@ -6053,7 +6053,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: ABP + product: Xhibit, XC4 cves: cve-2021-4104: investigated: false @@ -6065,9 +6065,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - OnTrak - - 90217A - - and 90207 + - Xhibit 96102 + - XC4 96501 cve-2021-45046: investigated: false affected_versions: [] @@ -6085,7 +6084,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Spacelabs Cloud + product: XprezzNet cves: cve-2021-4104: investigated: false @@ -6093,10 +6092,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '96190' cve-2021-45046: investigated: false affected_versions: [] @@ -6114,7 +6114,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: SafeNSound + product: Xprezzon cves: cve-2021-4104: investigated: false @@ -6124,9 +6124,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 4.3.1 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '91393' cve-2021-45046: investigated: false affected_versions: [] @@ -6139,7 +6139,7 @@ software: unaffected_versions: [] vendor_links: - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: Version >4.3.1 - Not Affected + notes: '' references: - '' last_updated: '2022-01-05T00:00:00' @@ -6171,7 +6171,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Spigot product: '' cves: @@ -6200,9 +6200,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Splunk - product: Splunk Add-On for Java Management Extensions [App ID 2647](https://splunkbase.splunk.com/app/2647) + product: Data Stream Processor cves: cve-2021-4104: investigated: false @@ -6212,7 +6212,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 5.2.0 and older + - DSP 1.0.x + - DSP 1.1.x + - DSP 1.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6232,7 +6234,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Splunk Add-On for JBoss [App ID 2954](https://splunkbase.splunk.com/app/2954/) + product: IT Essentials Work [App ID 5403](https://splunkbase.splunk.com/app/5403/) cves: cve-2021-4104: investigated: false @@ -6242,7 +6244,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.0.0 and older + - '4.11' + - 4.10.x (Cloud only) + - 4.9.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6262,7 +6266,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Add-On for Tomcat [App ID 2911](https://splunkbase.splunk.com/app/2911/) + product: IT Service Intelligence (ITSI) [App ID 1841](https://splunkbase.splunk.com/app/1841/) cves: cve-2021-4104: investigated: false @@ -6272,7 +6276,13 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.0.0 and older + - 4.11.0 + - 4.10.x (Cloud only) + - 4.9.x + - 4.8.x (Cloud only) + - 4.7.x + - 4.6.x + - 4.5.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6292,7 +6302,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Data Stream Processor + product: Splunk Add-On for Java Management Extensions [App ID 2647](https://splunkbase.splunk.com/app/2647) cves: cve-2021-4104: investigated: false @@ -6302,9 +6312,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - DSP 1.0.x - - DSP 1.1.x - - DSP 1.2.x + - 5.2.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6324,7 +6332,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: IT Essentials Work [App ID 5403](https://splunkbase.splunk.com/app/5403/) + product: Splunk Add-On for Tomcat [App ID 2911](https://splunkbase.splunk.com/app/2911/) cves: cve-2021-4104: investigated: false @@ -6334,9 +6342,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '4.11' - - 4.10.x (Cloud only) - - 4.9.x + - 3.0.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6356,7 +6362,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: IT Service Intelligence (ITSI) [App ID 1841](https://splunkbase.splunk.com/app/1841/) + product: Splunk Application Performance Monitoring cves: cve-2021-4104: investigated: false @@ -6366,13 +6372,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 4.11.0 - - 4.10.x (Cloud only) - - 4.9.x - - 4.8.x (Cloud only) - - 4.7.x - - 4.6.x - - 4.5.x + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6514,7 +6514,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Logging Library for Java + product: Splunk Infrastructure Monitoring cves: cve-2021-4104: investigated: false @@ -6524,7 +6524,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 1.11.0 and older + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6544,7 +6544,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk OVA for VMWare [App ID 3216](https://splunkbase.splunk.com/app/3216/) + product: Splunk Log Observer cves: cve-2021-4104: investigated: false @@ -6554,7 +6554,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 4.0.3 and older + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6574,7 +6574,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk OVA for VMWare Metrics [App ID 5096](https://splunkbase.splunk.com/app/5096/) + product: Splunk Logging Library for Java cves: cve-2021-4104: investigated: false @@ -6584,7 +6584,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 4.2.1 and older + - 1.11.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6604,7 +6604,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk VMWare OVA for ITSI [App ID 4760](https://splunkbase.splunk.com/app/4760/) + product: Splunk On-call / VictorOps cves: cve-2021-4104: investigated: false @@ -6614,7 +6614,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 1.1.1 and older + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6634,7 +6634,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk On-call / VictorOps + product: Splunk OVA for VMWare [App ID 3216](https://splunkbase.splunk.com/app/3216/) cves: cve-2021-4104: investigated: false @@ -6644,7 +6644,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current + - 4.0.3 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6664,7 +6664,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Real User Monitoring + product: Splunk OVA for VMWare Metrics [App ID 5096](https://splunkbase.splunk.com/app/5096/) cves: cve-2021-4104: investigated: false @@ -6674,7 +6674,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current + - 4.2.1 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6694,7 +6694,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Application Performance Monitoring + product: Splunk Real User Monitoring cves: cve-2021-4104: investigated: false @@ -6724,7 +6724,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Infrastructure Monitoring + product: Splunk Splunk Add-On for JBoss [App ID 2954](https://splunkbase.splunk.com/app/2954/) cves: cve-2021-4104: investigated: false @@ -6734,7 +6734,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current + - 3.0.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6754,7 +6754,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Log Observer + product: Splunk Synthetics cves: cve-2021-4104: investigated: false @@ -6784,7 +6784,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Synthetics + product: Splunk UBA OVA Software cves: cve-2021-4104: investigated: false @@ -6794,7 +6794,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current + - 5.0.3a + - 5.0.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6814,7 +6815,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk UBA OVA Software + product: Splunk VMWare OVA for ITSI [App ID 4760](https://splunkbase.splunk.com/app/4760/) cves: cve-2021-4104: investigated: false @@ -6824,8 +6825,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 5.0.3a - - 5.0.0 + - 1.1.1 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6872,7 +6872,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Spring product: Spring Boot cves: @@ -6902,7 +6902,7 @@ software: switched the default logging system to Log4J2 references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Spring Boot product: '' cves: @@ -6931,7 +6931,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: StarDog product: '' cves: @@ -6960,7 +6960,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: STERIS product: Advantage cves: @@ -7020,7 +7020,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: DSD Edge + product: AMSCO 2000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -7049,7 +7049,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: EndoDry + product: AMSCO 3000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -7078,7 +7078,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RapidAER + product: AMSCO 400 MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7107,7 +7107,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Endora + product: AMSCO 400 SMALL STEAM STERILIZERS cves: cve-2021-4104: investigated: false @@ -7136,7 +7136,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Canexis 1.0 + product: AMSCO 5000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -7165,7 +7165,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: ConnectoHIS + product: AMSCO 600 MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7194,7 +7194,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: ScopeBuddy+ + product: AMSCO 7000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -7223,7 +7223,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: DSD-201, + product: AMSCO CENTURY MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7252,7 +7252,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: CER Optima + product: AMSCO CENTURY SMALL STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7281,7 +7281,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Renatron + product: AMSCO EAGLE 3000 SERIES STAGE 3 STEAM STERILIZERS cves: cve-2021-4104: investigated: false @@ -7310,7 +7310,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: ConnectAssure Technology + product: AMSCO EVOLUTION FLOOR LOADER STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7339,7 +7339,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: SPM Surgical Asset Tracking Software + product: AMSCO EVOLUTION MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7368,7 +7368,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: CS-iQ Sterile Processing Workflow + product: Canexis 1.0 cves: cve-2021-4104: investigated: false @@ -7397,7 +7397,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 2000 SERIES WASHER DISINFECTORS + product: CELERITY HP INCUBATOR cves: cve-2021-4104: investigated: false @@ -7426,7 +7426,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 3000 SERIES WASHER DISINFECTORS + product: CELERITY STEAM INCUBATOR cves: cve-2021-4104: investigated: false @@ -7455,7 +7455,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 5000 SERIES WASHER DISINFECTORS + product: CER Optima cves: cve-2021-4104: investigated: false @@ -7484,7 +7484,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 7000 SERIES WASHER DISINFECTORS + product: Clarity Software cves: cve-2021-4104: investigated: false @@ -7513,7 +7513,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RELIANCE 444 WASHER DISINFECTOR + product: Connect Software cves: cve-2021-4104: investigated: false @@ -7542,7 +7542,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RELIANCE SYNERGY WASHER DISINFECTOR + product: ConnectAssure Technology cves: cve-2021-4104: investigated: false @@ -7571,7 +7571,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RELIANCE VISION 1300 SERIES CART AND UTENSIL WASHER DISINFECTORS + product: ConnectoHIS cves: cve-2021-4104: investigated: false @@ -7600,7 +7600,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RELIANCE VISION MULTI- CHAMBER WASHER DISINFECTOR + product: CS-iQ Sterile Processing Workflow cves: cve-2021-4104: investigated: false @@ -7629,7 +7629,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RELIANCE VISION SINGLE CHAMBER WASHER DISINFECTOR + product: DSD Edge cves: cve-2021-4104: investigated: false @@ -7658,7 +7658,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 400 MEDIUM STEAM STERILIZER + product: DSD-201, cves: cve-2021-4104: investigated: false @@ -7687,7 +7687,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 400 SMALL STEAM STERILIZERS + product: EndoDry cves: cve-2021-4104: investigated: false @@ -7716,7 +7716,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 600 MEDIUM STEAM STERILIZER + product: Endora cves: cve-2021-4104: investigated: false @@ -7745,7 +7745,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO CENTURY MEDIUM STEAM STERILIZER + product: Harmony iQ Integration Systems cves: cve-2021-4104: investigated: false @@ -7774,7 +7774,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO CENTURY SMALL STEAM STERILIZER + product: Harmony iQ Perspectives Image Management System cves: cve-2021-4104: investigated: false @@ -7803,7 +7803,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO EAGLE 3000 SERIES STAGE 3 STEAM STERILIZERS + product: HexaVue cves: cve-2021-4104: investigated: false @@ -7832,7 +7832,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO EVOLUTION FLOOR LOADER STEAM STERILIZER + product: HexaVue Integration System cves: cve-2021-4104: investigated: false @@ -7861,7 +7861,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO EVOLUTION MEDIUM STEAM STERILIZER + product: IDSS Integration System cves: cve-2021-4104: investigated: false @@ -7890,7 +7890,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: CELERITY HP INCUBATOR + product: RapidAER cves: cve-2021-4104: investigated: false @@ -7919,7 +7919,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: CELERITY STEAM INCUBATOR + product: ReadyTracker cves: cve-2021-4104: investigated: false @@ -7948,7 +7948,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: VERIFY INCUBATOR FOR ASSERT SELF-CONTAINED BIOLOGICAL INDICATORS + product: RealView Visual Workflow Management System cves: cve-2021-4104: investigated: false @@ -7977,7 +7977,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: SYSTEM 1 endo LIQUID CHEMICAL STERILANT PROCESSING SYSTEM + product: RELIANCE 444 WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -8006,7 +8006,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: V-PRO 1 LOW TEMPERATURE STERILIZATION SYSTEM + product: RELIANCE SYNERGY WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -8035,7 +8035,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: V-PRO 1 PLUS LOW TEMPERATURE STERILIZATION SYSTEM + product: RELIANCE VISION 1300 SERIES CART AND UTENSIL WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -8064,7 +8064,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: V-PRO MAX 2 LOW TEMPERATURE STERILIZATION SYSTEM + product: RELIANCE VISION MULTI- CHAMBER WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -8093,7 +8093,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: V-PRO MAX LOW TEMPERATURE STERILIZATION SYSTEM + product: RELIANCE VISION SINGLE CHAMBER WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -8122,7 +8122,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: V-PRO S2 LOW TEMPERATURE STERILIZATION SYSTEM + product: Renatron cves: cve-2021-4104: investigated: false @@ -8151,7 +8151,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: SecureCare ProConnect Technical Support Services + product: ScopeBuddy+ cves: cve-2021-4104: investigated: false @@ -8180,7 +8180,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: HexaVue Integration System + product: SecureCare ProConnect Technical Support Services cves: cve-2021-4104: investigated: false @@ -8209,7 +8209,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: IDSS Integration System + product: Situational Awareness for Everyone Display (S.A.F.E.) cves: cve-2021-4104: investigated: false @@ -8238,7 +8238,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Harmony iQ Integration Systems + product: SPM Surgical Asset Tracking Software cves: cve-2021-4104: investigated: false @@ -8267,7 +8267,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: HexaVue + product: SYSTEM 1 endo LIQUID CHEMICAL STERILANT PROCESSING SYSTEM cves: cve-2021-4104: investigated: false @@ -8296,7 +8296,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Connect Software + product: V-PRO 1 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -8325,7 +8325,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Harmony iQ Perspectives Image Management System + product: V-PRO 1 PLUS LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -8354,7 +8354,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Clarity Software + product: V-PRO MAX 2 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -8383,7 +8383,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Situational Awareness for Everyone Display (S.A.F.E.) + product: V-PRO MAX LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -8412,7 +8412,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RealView Visual Workflow Management System + product: V-PRO S2 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -8441,7 +8441,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: ReadyTracker + product: VERIFY INCUBATOR FOR ASSERT SELF-CONTAINED BIOLOGICAL INDICATORS cves: cve-2021-4104: investigated: false @@ -8497,7 +8497,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Storagement product: '' cves: @@ -8526,7 +8526,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: StormShield product: '' cves: @@ -8555,7 +8555,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: StrangeBee TheHive & Cortex product: '' cves: @@ -8584,7 +8584,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Stratodesk product: '' cves: @@ -8613,7 +8613,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Strimzi product: '' cves: @@ -8642,7 +8642,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Stripe product: '' cves: @@ -8671,7 +8671,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Styra product: '' cves: @@ -8700,7 +8700,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sumologic product: '' cves: @@ -8729,7 +8729,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SumoLogic product: '' cves: @@ -8758,7 +8758,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Superna EYEGLASS product: '' cves: @@ -8787,7 +8787,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Suprema Inc product: '' cves: @@ -8816,7 +8816,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SUSE product: '' cves: @@ -8845,7 +8845,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sweepwidget product: '' cves: @@ -8874,7 +8874,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Swyx product: '' cves: @@ -8903,7 +8903,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Synchro MSP product: '' cves: @@ -8932,7 +8932,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Syncplify product: '' cves: @@ -8961,7 +8961,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Synology product: '' cves: @@ -8990,7 +8990,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Synopsys product: '' cves: @@ -9019,7 +9019,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Syntevo product: '' cves: @@ -9048,7 +9048,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SysAid product: '' cves: @@ -9077,7 +9077,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sysdig product: '' cves: @@ -9106,5 +9106,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_T.yml b/data/cisagov_T.yml index ff7a99e..4b0134c 100644 --- a/data/cisagov_T.yml +++ b/data/cisagov_T.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: Tableau - product: Tableau Server + product: Tableau Bridge cves: cve-2021-4104: investigated: false @@ -15,19 +15,19 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'The following versions and lower: 2021.4' - - 2021.3.4 - - 2021.2.5 - - 2021.1.8 - - 2020.4.11 - - 2020.3.14 - - 2020.2.19 - - 2020.1.22 - - 2019.4.25 - - 2019.3.26 - - 2019.2.29 - - 2019.1.29 - - 2018.3.29 + - 'The following versions and lower: 20214.21.1109.1748' + - 20213.21.1112.1434 + - 20212.21.0818.1843 + - 20211.21.0617.1133 + - 20204.21.0217.1203 + - 20203.20.0913.2112 + - 20202.20.0721.1350 + - 20201.20.0614.2321 + - 20194.20.0614.2307 + - 20193.20.0614.2306 + - 20192.19.0917.1648 + - 20191.19.0402.1911 + - 20183.19.0115.1143 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -191,7 +191,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Tableau - product: Tableau Bridge + product: Tableau Server cves: cve-2021-4104: investigated: false @@ -201,19 +201,19 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'The following versions and lower: 20214.21.1109.1748' - - 20213.21.1112.1434 - - 20212.21.0818.1843 - - 20211.21.0617.1133 - - 20204.21.0217.1203 - - 20203.20.0913.2112 - - 20202.20.0721.1350 - - 20201.20.0614.2321 - - 20194.20.0614.2307 - - 20193.20.0614.2306 - - 20192.19.0917.1648 - - 20191.19.0402.1911 - - 20183.19.0115.1143 + - 'The following versions and lower: 2021.4' + - 2021.3.4 + - 2021.2.5 + - 2021.1.8 + - 2020.4.11 + - 2020.3.14 + - 2020.2.19 + - 2020.1.22 + - 2019.4.25 + - 2019.3.26 + - 2019.2.29 + - 2019.1.29 + - 2018.3.29 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -260,7 +260,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tanium product: All cves: @@ -319,7 +319,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TeamPasswordManager product: '' cves: @@ -348,7 +348,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Teamviewer product: '' cves: @@ -377,7 +377,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tech Software product: OneAegis (f/k/a IRBManager) cves: @@ -496,7 +496,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Telestream product: '' cves: @@ -525,7 +525,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tenable product: Tenable.io / Nessus cves: @@ -555,9 +555,9 @@ software: to CVE-2021-44228 or CVE-2021-45046 at this time references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Thales - product: CipherTrust Application Data Protection (CADP) – CAPI.net & Net Core + product: CADP/SafeNet Protect App (PA) - JCE cves: cve-2021-4104: investigated: false @@ -586,7 +586,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Cloud Key Manager (CCKM) Embedded + product: CipherTrust Application Data Protection (CADP) – CAPI.net & Net Core cves: cve-2021-4104: investigated: false @@ -615,7 +615,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Database Protection + product: CipherTrust Batch Data Transformation (BDT) 2.3 cves: cve-2021-4104: investigated: false @@ -644,7 +644,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Manager + product: CipherTrust Cloud Key Manager (CCKM) Appliance cves: cve-2021-4104: investigated: false @@ -673,7 +673,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Transparent Encryption (CTE/VTE/CTE-U) + product: CipherTrust Cloud Key Manager (CCKM) Embedded cves: cve-2021-4104: investigated: false @@ -702,7 +702,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Vaultless Tokenization (CTS, CT-VL) + product: CipherTrust Database Protection cves: cve-2021-4104: investigated: false @@ -731,7 +731,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Data Protection on Demand + product: CipherTrust Manager cves: cve-2021-4104: investigated: false @@ -760,7 +760,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Data Security Manager (DSM) + product: CipherTrust Transparent Encryption (CTE/VTE/CTE-U) cves: cve-2021-4104: investigated: false @@ -789,7 +789,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: KeySecure + product: CipherTrust Vaulted Tokenization (CT-V) / SafeNet Tokenization Manager cves: cve-2021-4104: investigated: false @@ -818,7 +818,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Luna EFT + product: CipherTrust Vaultless Tokenization (CTS, CT-VL) cves: cve-2021-4104: investigated: false @@ -847,7 +847,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Luna Network, PCIe, Luna USB HSM and backup devices + product: CipherTrust/SafeNet PDBCTL cves: cve-2021-4104: investigated: false @@ -876,7 +876,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Luna SP + product: Crypto Command Center (CCC) cves: cve-2021-4104: investigated: false @@ -905,7 +905,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: ProtectServer HSMs + product: Data Protection on Demand cves: cve-2021-4104: investigated: false @@ -934,7 +934,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet Authentication Client + product: Data Security Manager (DSM) cves: cve-2021-4104: investigated: false @@ -963,7 +963,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet IDPrime Virtual + product: KeySecure cves: cve-2021-4104: investigated: false @@ -992,7 +992,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet eToken (all products) + product: Luna EFT cves: cve-2021-4104: investigated: false @@ -1021,7 +1021,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet IDPrime(all products) + product: Luna Network, PCIe, Luna USB HSM and backup devices cves: cve-2021-4104: investigated: false @@ -1050,7 +1050,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet LUKS + product: Luna SP cves: cve-2021-4104: investigated: false @@ -1079,7 +1079,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet ProtectApp (PA) CAPI, .Net & Net Core + product: payShield Monitor cves: cve-2021-4104: investigated: false @@ -1108,7 +1108,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet ProtectDB (PDB) + product: ProtectServer HSMs cves: cve-2021-4104: investigated: false @@ -1137,7 +1137,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet ProtectV + product: SafeNet Authentication Client cves: cve-2021-4104: investigated: false @@ -1166,7 +1166,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Safenet ProtectFile and ProtectFile- Fuse + product: SafeNet eToken (all products) cves: cve-2021-4104: investigated: false @@ -1195,7 +1195,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet Transform Utility (TU) + product: SafeNet IDPrime Virtual cves: cve-2021-4104: investigated: false @@ -1224,7 +1224,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet Trusted Access (STA) + product: SafeNet IDPrime(all products) cves: cve-2021-4104: investigated: false @@ -1253,7 +1253,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet PKCS#11 and TDE + product: SafeNet LUKS cves: cve-2021-4104: investigated: false @@ -1282,7 +1282,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet SQL EKM + product: SafeNet PKCS#11 and TDE cves: cve-2021-4104: investigated: false @@ -1311,7 +1311,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SAS on Prem (SPE/PCE) + product: SafeNet ProtectApp (PA) CAPI, .Net & Net Core cves: cve-2021-4104: investigated: false @@ -1340,7 +1340,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel EMS Enterprise OnPremise + product: SafeNet ProtectDB (PDB) cves: cve-2021-4104: investigated: false @@ -1369,7 +1369,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel ESDaaS + product: Safenet ProtectFile and ProtectFile- Fuse cves: cve-2021-4104: investigated: false @@ -1398,7 +1398,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel Up + product: SafeNet ProtectV cves: cve-2021-4104: investigated: false @@ -1427,7 +1427,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel RMS + product: SafeNet SQL EKM cves: cve-2021-4104: investigated: false @@ -1456,7 +1456,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel Connect + product: SafeNet Transform Utility (TU) cves: cve-2021-4104: investigated: false @@ -1485,7 +1485,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel Superdog, SuperPro, UltraPro, SHK + product: SafeNet Trusted Access (STA) cves: cve-2021-4104: investigated: false @@ -1514,7 +1514,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel HASP, Legacy dog, Maze, Hardlock + product: SafeNet Vaultless Tokenization cves: cve-2021-4104: investigated: false @@ -1543,7 +1543,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel Envelope + product: SAS on Prem (SPE/PCE) cves: cve-2021-4104: investigated: false @@ -1572,7 +1572,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Thales payShield 9000 + product: Sentinel Connect cves: cve-2021-4104: investigated: false @@ -1601,7 +1601,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Thales payShield 10k + product: Sentinel EMS Enterprise aaS cves: cve-2021-4104: investigated: false @@ -1630,7 +1630,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Thales payShield Manager + product: Sentinel EMS Enterprise OnPremise cves: cve-2021-4104: investigated: false @@ -1659,7 +1659,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Vormetirc Key Manager (VKM) + product: Sentinel Envelope cves: cve-2021-4104: investigated: false @@ -1688,7 +1688,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Vormetric Application Encryption (VAE) + product: Sentinel ESDaaS cves: cve-2021-4104: investigated: false @@ -1717,7 +1717,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Vormetric Protection for Terradata Database (VPTD) + product: Sentinel HASP, Legacy dog, Maze, Hardlock cves: cve-2021-4104: investigated: false @@ -1746,7 +1746,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Vormetric Tokenization Server (VTS) + product: Sentinel LDK EMS (LDK-EMS) cves: cve-2021-4104: investigated: false @@ -1775,7 +1775,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: payShield Monitor + product: Sentinel LDKaas (LDK-EMS) cves: cve-2021-4104: investigated: false @@ -1804,7 +1804,8 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CADP/SafeNet Protect App (PA) - JCE + product: Sentinel Professional Services components (both Thales hosted & hosted + on-premises by customers) cves: cve-2021-4104: investigated: false @@ -1833,7 +1834,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Batch Data Transformation (BDT) 2.3 + product: Sentinel RMS cves: cve-2021-4104: investigated: false @@ -1862,7 +1863,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Cloud Key Manager (CCKM) Appliance + product: Sentinel SCL cves: cve-2021-4104: investigated: false @@ -1891,7 +1892,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Vaulted Tokenization (CT-V) / SafeNet Tokenization Manager + product: Sentinel Superdog, SuperPro, UltraPro, SHK cves: cve-2021-4104: investigated: false @@ -1920,7 +1921,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust/SafeNet PDBCTL + product: Sentinel Up cves: cve-2021-4104: investigated: false @@ -1949,7 +1950,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Crypto Command Center (CCC) + product: Thales Data Platform (TDP)(DDC) cves: cve-2021-4104: investigated: false @@ -1978,7 +1979,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet Vaultless Tokenization + product: Thales payShield 10k cves: cve-2021-4104: investigated: false @@ -2007,7 +2008,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel LDK EMS (LDK-EMS) + product: Thales payShield 9000 cves: cve-2021-4104: investigated: false @@ -2036,7 +2037,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel LDKaas (LDK-EMS) + product: Thales payShield Manager cves: cve-2021-4104: investigated: false @@ -2065,7 +2066,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel EMS Enterprise aaS + product: Vormetirc Key Manager (VKM) cves: cve-2021-4104: investigated: false @@ -2094,8 +2095,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel Professional Services components (both Thales hosted & hosted - on-premises by customers) + product: Vormetric Application Encryption (VAE) cves: cve-2021-4104: investigated: false @@ -2124,7 +2124,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel SCL + product: Vormetric Protection for Terradata Database (VPTD) cves: cve-2021-4104: investigated: false @@ -2153,7 +2153,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Thales Data Platform (TDP)(DDC) + product: Vormetric Tokenization Server (VTS) cves: cve-2021-4104: investigated: false @@ -2181,8 +2181,8 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Thermo-Calc - product: Thermo-Calc + - vendor: Thermo Fisher Scientific + product: '' cves: cve-2021-4104: investigated: false @@ -2190,11 +2190,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 2022a + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2206,8 +2205,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal, Install the 2022a patch when available + - https://corporate.thermofisher.com/us/en/index/about/information-security/Protecting-Our-Products.html + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' @@ -2224,7 +2223,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2021b + - 2022a cve-2021-45046: investigated: false affected_versions: [] @@ -2237,7 +2236,7 @@ software: unaffected_versions: [] vendor_links: - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal + notes: Use the program as normal, Install the 2022a patch when available references: - '' last_updated: '2021-12-22T00:00:00' @@ -2254,7 +2253,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2018b to 2021a + - 2021b cve-2021-45046: investigated: false affected_versions: [] @@ -2267,8 +2266,7 @@ software: unaffected_versions: [] vendor_links: - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal, delete the Log4j 2 files in the program installation - if required, see advisory for instructions. + notes: Use the program as normal references: - '' last_updated: '2021-12-22T00:00:00' @@ -2285,7 +2283,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2018a and earlier + - 2018b to 2021a cve-2021-45046: investigated: false affected_versions: [] @@ -2298,12 +2296,13 @@ software: unaffected_versions: [] vendor_links: - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal + notes: Use the program as normal, delete the Log4j 2 files in the program installation + if required, see advisory for instructions. references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Thermo Fisher Scientific - product: '' + - vendor: Thermo-Calc + product: Thermo-Calc cves: cve-2021-4104: investigated: false @@ -2311,10 +2310,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2018a and earlier cve-2021-45046: investigated: false affected_versions: [] @@ -2326,8 +2326,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://corporate.thermofisher.com/us/en/index/about/information-security/Protecting-Our-Products.html - notes: '' + - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ + notes: Use the program as normal references: - '' last_updated: '2021-12-22T00:00:00' @@ -2391,9 +2391,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ThycoticCentrify - product: Secret Server + product: Account Lifecycle Manager cves: cve-2021-4104: investigated: false @@ -2423,7 +2423,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Privilege Manager + product: Cloud Suite cves: cve-2021-4104: investigated: false @@ -2453,7 +2453,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Account Lifecycle Manager + product: Connection Manager cves: cve-2021-4104: investigated: false @@ -2483,7 +2483,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Privileged Behavior Analytics + product: DevOps Secrets Vault cves: cve-2021-4104: investigated: false @@ -2513,7 +2513,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: DevOps Secrets Vault + product: Password Reset Server cves: cve-2021-4104: investigated: false @@ -2543,7 +2543,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Connection Manager + product: Privilege Manager cves: cve-2021-4104: investigated: false @@ -2573,7 +2573,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Password Reset Server + product: Privileged Behavior Analytics cves: cve-2021-4104: investigated: false @@ -2603,7 +2603,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Cloud Suite + product: Secret Server cves: cve-2021-4104: investigated: false @@ -2690,7 +2690,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Top Gun Technology (TGT) product: '' cves: @@ -2719,7 +2719,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TopDesk product: '' cves: @@ -2748,7 +2748,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Topicus Security product: Topicus KeyHub cves: @@ -2807,7 +2807,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tosibox product: '' cves: @@ -2836,7 +2836,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TPLink product: Omega Controller cves: @@ -2897,7 +2897,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tricentis Tosca product: '' cves: @@ -2926,7 +2926,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tridium product: '' cves: @@ -2952,13 +2952,13 @@ software: unaffected_versions: [] vendor_links: - https://docs.niagara-community.com/bundle/TechBulletin2021/resource/Dec_13_2021_NiagaraNotExposed_Apache_log4j.pdf - notes: Document access requires authentication. CISA is not able to validate vulnerability status. + notes: Document access requires authentication. CISA is not able to validate vulnerability + status. references: - '' last_updated: '2022-01-19T00:00:00' - - vendor: Tripp Lite - product: LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, - SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) + - vendor: Trimble + product: eCognition cves: cve-2021-4104: investigated: false @@ -2966,8 +2966,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 10.2.0 Build 4618 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2980,15 +2981,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: '' + vendor_links: [] + notes: Remediation steps provided by Trimble references: - '' - last_updated: '2022-01-04T00:00:00' + last_updated: '2021-12-23T00:00:00' - vendor: Tripp Lite - product: SNMPWEBCARD, SRCOOLNET, SRCOOLNET2 and devices with pre-installed or - embedded SNMPWEBCARD + product: LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, + SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) cves: cve-2021-4104: investigated: false @@ -3047,7 +3047,7 @@ software: - '' last_updated: '2022-01-04T00:00:00' - vendor: Tripp Lite - product: PowerAlert Network Shutdown Agent (PANSA) + product: PowerAlert Network Management System (PANMS) cves: cve-2021-4104: investigated: false @@ -3071,13 +3071,13 @@ software: unaffected_versions: [] vendor_links: - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Some versions of PANSA use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 + notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability. references: - '' last_updated: '2022-01-04T00:00:00' - vendor: Tripp Lite - product: PowerAlert Network Management System (PANMS) + product: PowerAlert Network Shutdown Agent (PANSA) cves: cve-2021-4104: investigated: false @@ -3101,13 +3101,13 @@ software: unaffected_versions: [] vendor_links: - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 + notes: Some versions of PANSA use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability. references: - '' last_updated: '2022-01-04T00:00:00' - vendor: Tripp Lite - product: TLNETCARD and associated software + product: PowerAlertElement Manager (PAEM) cves: cve-2021-4104: investigated: false @@ -3115,8 +3115,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.0.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3131,12 +3132,14 @@ software: unaffected_versions: [] vendor_links: - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: '' + notes: Tripp Lite will soon be issuing a patch in the form of PAEM 1.0.1 which + will contain a patched version of Log4j2 references: - '' last_updated: '2022-01-04T00:00:00' - vendor: Tripp Lite - product: PowerAlertElement Manager (PAEM) + product: SNMPWEBCARD, SRCOOLNET, SRCOOLNET2 and devices with pre-installed or + embedded SNMPWEBCARD cves: cve-2021-4104: investigated: false @@ -3144,9 +3147,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 1.0.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3161,13 +3163,12 @@ software: unaffected_versions: [] vendor_links: - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Tripp Lite will soon be issuing a patch in the form of PAEM 1.0.1 which - will contain a patched version of Log4j2 + notes: '' references: - '' last_updated: '2022-01-04T00:00:00' - - vendor: Tripwire - product: '' + - vendor: Tripp Lite + product: TLNETCARD and associated software cves: cve-2021-4104: investigated: false @@ -3190,13 +3191,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.tripwire.com/log4j + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Trimble - product: eCognition + last_updated: '2022-01-04T00:00:00' + - vendor: Tripwire + product: '' cves: cve-2021-4104: investigated: false @@ -3204,9 +3205,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 10.2.0 Build 4618 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3219,11 +3219,12 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: Remediation steps provided by Trimble + vendor_links: + - https://www.tripwire.com/log4j + notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TrueNAS product: '' cves: @@ -3252,7 +3253,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tufin product: '' cves: @@ -3281,7 +3282,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TYPO3 product: '' cves: @@ -3310,5 +3311,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_U.yml b/data/cisagov_U.yml index 7240ee1..5a679fc 100644 --- a/data/cisagov_U.yml +++ b/data/cisagov_U.yml @@ -33,7 +33,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ubiquiti product: UniFi Network Controller cves: @@ -93,9 +93,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Umbraco - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: UiPath + product: InSights cves: cve-2021-4104: investigated: false @@ -103,8 +103,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '20.10' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -118,12 +119,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://umbraco.com/blog/security-advisory-december-15-2021-umbraco-cms-and-cloud-not-affected-by-cve-2021-44228-log4j-rce-0-day-mitigation/ + - https://www.uipath.com/legal/trust-and-security/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: UniFlow + last_updated: '2021-12-15T00:00:00' + - vendor: Umbraco product: '' cves: cve-2021-4104: @@ -147,12 +148,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.uniflow.global/en/security/security-and-maintenance/ + - https://umbraco.com/blog/security-advisory-december-15-2021-umbraco-cms-and-cloud-not-affected-by-cve-2021-44228-log4j-rce-0-day-mitigation/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Unify ATOS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: UniFlow product: '' cves: cve-2021-4104: @@ -176,12 +177,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://networks.unify.com/security/advisories/OBSO-2112-01.pdf + - https://www.uniflow.global/en/security/security-and-maintenance/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Unimus + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Unify ATOS product: '' cves: cve-2021-4104: @@ -205,13 +206,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.unimus.net/viewtopic.php?f=7&t=1390#top + - https://networks.unify.com/security/advisories/OBSO-2112-01.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: UiPath - product: InSights + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Unimus + product: '' cves: cve-2021-4104: investigated: false @@ -219,9 +220,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '20.10' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -235,11 +235,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.uipath.com/legal/trust-and-security/cve-2021-44228 + - https://forum.unimus.net/viewtopic.php?f=7&t=1390#top notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: USSIGNAL MSP product: '' cves: @@ -268,5 +268,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_V.yml b/data/cisagov_V.yml index 4d2e58d..c3555b7 100644 --- a/data/cisagov_V.yml +++ b/data/cisagov_V.yml @@ -4,35 +4,6 @@ owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: - - vendor: VArmour - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:56+00:00' - vendor: Varian product: Acuity cves: @@ -64,7 +35,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: DITC + product: ARIA Connect (Cloverleaf) cves: cve-2021-4104: investigated: false @@ -72,11 +43,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -94,7 +65,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ARIA Connect (Cloverleaf) + product: ARIA eDOC cves: cve-2021-4104: investigated: false @@ -154,7 +125,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: XMediusFax for ARIA oncology information system for Medical Oncology + product: ARIA oncology information system for Radiation Oncology cves: cve-2021-4104: investigated: false @@ -162,11 +133,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -184,7 +155,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ARIA oncology information system for Radiation Oncology + product: ARIA Radiation Therapy Management System (RTM) cves: cve-2021-4104: investigated: false @@ -214,7 +185,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ARIA eDOC + product: Bravos Console cves: cve-2021-4104: investigated: false @@ -244,7 +215,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: XMediusFax for ARIA oncology information system for Radiation Oncology + product: Clinac cves: cve-2021-4104: investigated: false @@ -274,37 +245,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ARIA Radiation Therapy Management System (RTM) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Bravos Console + product: Cloud Planner cves: cve-2021-4104: investigated: false @@ -334,7 +275,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Clinac + product: DITC cves: cve-2021-4104: investigated: false @@ -364,7 +305,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Cloud Planner + product: DoseLab cves: cve-2021-4104: investigated: false @@ -394,7 +335,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: DoseLab + product: Eclipse treatment planning software cves: cve-2021-4104: investigated: false @@ -424,7 +365,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Eclipse treatment planning software + product: ePeerReview cves: cve-2021-4104: investigated: false @@ -432,11 +373,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + investigated: false + affected_versions: - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -454,7 +395,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ePeerReview + product: Ethos cves: cve-2021-4104: investigated: false @@ -462,11 +403,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -484,7 +425,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Ethos + product: FullScale oncology IT solutions cves: cve-2021-4104: investigated: false @@ -492,11 +433,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + investigated: false + affected_versions: - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -514,7 +455,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: FullScale oncology IT solutions + product: Halcyon system cves: cve-2021-4104: investigated: false @@ -544,7 +485,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Halcyon system + product: ICAP cves: cve-2021-4104: investigated: false @@ -552,11 +493,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -694,7 +635,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ICAP + product: Mobius3D platform cves: cve-2021-4104: investigated: false @@ -724,7 +665,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Mobius3D platform + product: PaaS cves: cve-2021-4104: investigated: false @@ -934,7 +875,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: PaaS + product: TrueBeam radiotherapy system cves: cve-2021-4104: investigated: false @@ -964,7 +905,37 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: TrueBeam radiotherapy system + product: UNIQUE system + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Varian Authentication and Identity Server (VAIS) cves: cve-2021-4104: investigated: false @@ -994,7 +965,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: UNIQUE system + product: Varian Managed Services Cloud cves: cve-2021-4104: investigated: false @@ -1024,7 +995,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Varian Authentication and Identity Server (VAIS) + product: Varian Mobile App cves: cve-2021-4104: investigated: false @@ -1036,7 +1007,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '2.0' + - '2.5' cve-2021-45046: investigated: false affected_versions: [] @@ -1054,7 +1026,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Varian Managed Services Cloud + product: VariSeed cves: cve-2021-4104: investigated: false @@ -1062,11 +1034,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1084,7 +1056,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Varian Mobile App + product: Velocity cves: cve-2021-4104: investigated: false @@ -1096,8 +1068,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '2.0' - - '2.5' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1115,7 +1086,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: VariSeed + product: VitalBeam radiotherapy system cves: cve-2021-4104: investigated: false @@ -1145,7 +1116,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Velocity + product: Vitesse cves: cve-2021-4104: investigated: false @@ -1175,7 +1146,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: VitalBeam radiotherapy system + product: XMediusFax for ARIA oncology information system for Medical Oncology cves: cve-2021-4104: investigated: false @@ -1183,11 +1154,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + investigated: false + affected_versions: - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1205,7 +1176,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Vitesse + product: XMediusFax for ARIA oncology information system for Radiation Oncology cves: cve-2021-4104: investigated: false @@ -1213,11 +1184,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + investigated: false + affected_versions: - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1234,6 +1205,35 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: VArmour + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Varnish Software product: '' cves: @@ -1262,7 +1262,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Varonis product: '' cves: @@ -1291,7 +1291,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Veeam product: '' cves: @@ -1320,7 +1320,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Venafi product: '' cves: @@ -1349,7 +1349,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Veritas NetBackup product: '' cves: @@ -1378,7 +1378,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Vertica product: '' cves: @@ -1421,7 +1421,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -1466,7 +1466,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: VMware product: API Portal for VMware Tanzu cves: @@ -1678,6 +1678,71 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: vCenter Server - OVA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 7.x + - 6.7.x + - 6.5.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '[Workaround @ KB87081 (vmware.com)](https://kb.vmware.com/s/article/87081 + )' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: VMware + product: vCenter Server - Windows + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 6.7.x + - 6.5.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '[Workaround @ KB87096 (vmware.com)](https://kb.vmware.com/s/article/87096 + )' + references: + - '' + last_updated: '2021-12-17T00:00:00' - vendor: VMware product: VMware Carbon Black Cloud Workload Appliance cves: @@ -2291,71 +2356,6 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: vCenter Server - OVA - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 7.x - - 6.7.x - - 6.5.x - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '[Workaround @ KB87081 (vmware.com)](https://kb.vmware.com/s/article/87081 - )' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: VMware - product: vCenter Server - Windows - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 6.7.x - - 6.5.x - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '[Workaround @ KB87096 (vmware.com)](https://kb.vmware.com/s/article/87096 - )' - references: - - '' - last_updated: '2021-12-17T00:00:00' - vendor: VMware product: VMware vRealize Automation cves: @@ -2614,7 +2614,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] diff --git a/data/cisagov_W.yml b/data/cisagov_W.yml index f8b1dae..b2629d1 100644 --- a/data/cisagov_W.yml +++ b/data/cisagov_W.yml @@ -62,7 +62,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Wasp Barcode technologies product: '' cves: @@ -91,7 +91,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WatchGuard product: Secplicity cves: @@ -120,7 +120,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Western Digital product: '' cves: @@ -149,9 +149,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WIBU Systems - product: CodeMeter Keyring for TIA Portal + product: CodeMeter Cloud Lite cves: cve-2021-4104: investigated: false @@ -161,7 +161,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 1.30 and prior + - 2.2 and prior fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -176,12 +176,12 @@ software: unaffected_versions: [] vendor_links: - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf - notes: Only the Password Manager is affected + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - vendor: WIBU Systems - product: CodeMeter Cloud Lite + product: CodeMeter Keyring for TIA Portal cves: cve-2021-4104: investigated: false @@ -191,7 +191,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2.2 and prior + - 1.30 and prior fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -206,39 +206,283 @@ software: unaffected_versions: [] vendor_links: - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf - notes: '' + notes: Only the Password Manager is affected references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: WindRiver - product: '' + - vendor: Wind River + product: LTS17 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS18 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS19 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS21 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wind River + product: WRL-6 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-7 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-8 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-9 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All vendor_links: - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-21T00:00:00' - vendor: WireShark product: '' cves: @@ -267,7 +511,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Wistia product: '' cves: @@ -296,7 +540,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WitFoo product: '' cves: @@ -325,7 +569,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WordPress product: '' cves: @@ -354,7 +598,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Worksphere product: '' cves: @@ -383,7 +627,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Wowza product: '' cves: @@ -412,7 +656,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WSO2 product: WSO2 Enterprise Integrator cves: @@ -442,5 +686,5 @@ software: notes: A temporary mitigation is available while vendor works on update references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_X.yml b/data/cisagov_X.yml index 1235c42..b107a72 100644 --- a/data/cisagov_X.yml +++ b/data/cisagov_X.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XenForo product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox product: '' cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XPertDoc product: '' cves: @@ -119,7 +119,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XPLG product: '' cves: @@ -148,7 +148,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XWIKI product: '' cves: @@ -177,7 +177,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xylem product: Aquatalk cves: @@ -237,7 +237,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus Analytics + product: Configuration change complete cves: cve-2021-4104: investigated: false @@ -266,7 +266,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus Automation Control Configuration change complete + product: Sensus Analytics cves: cve-2021-4104: investigated: false @@ -295,7 +295,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus Cathodic Protection Mitigation in process Mitigation in process + product: Sensus Automation Control Configuration change complete cves: cve-2021-4104: investigated: false @@ -324,7 +324,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus FieldLogic LogServer + product: Sensus Cathodic Protection Mitigation in process Mitigation in process cves: cve-2021-4104: investigated: false @@ -353,7 +353,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus Lighting Control + product: Sensus FieldLogic LogServer cves: cve-2021-4104: investigated: false @@ -382,7 +382,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus NetMetrics Configuration change complete + product: Sensus Lighting Control cves: cve-2021-4104: investigated: false @@ -411,7 +411,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus RNI Saas + product: Sensus NetMetrics Configuration change complete cves: cve-2021-4104: investigated: false @@ -419,11 +419,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 4.7 through 4.10 - - 4.4 through 4.6 - - '4.2' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -475,7 +472,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus SCS + product: Sensus RNI Saas cves: cve-2021-4104: investigated: false @@ -483,8 +480,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.7 through 4.10 + - 4.4 through 4.6 + - '4.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -504,7 +504,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Smart Irrigation + product: Sensus SCS cves: cve-2021-4104: investigated: false @@ -533,7 +533,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Water Loss Management (Visenti) + product: Smart Irrigation cves: cve-2021-4104: investigated: false @@ -562,7 +562,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Configuration change complete + product: Water Loss Management (Visenti) cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_Y.yml b/data/cisagov_Y.yml index 982c73c..cc2fe73 100644 --- a/data/cisagov_Y.yml +++ b/data/cisagov_Y.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: YellowFin product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: YOKOGAWA product: '' cves: @@ -119,5 +119,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_Z.yml b/data/cisagov_Z.yml index 5a92727..13f553c 100644 --- a/data/cisagov_Z.yml +++ b/data/cisagov_Z.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ZAMMAD product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zaproxy product: '' cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zebra product: '' cves: @@ -119,7 +119,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zendesk product: All Products cves: @@ -180,7 +180,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zentera Systems, Inc. product: CoIP Access Platform cves: @@ -239,7 +239,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zesty product: '' cves: @@ -268,7 +268,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zimbra product: '' cves: @@ -297,7 +297,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zix product: '' cves: @@ -355,7 +355,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ZPE systems Inc product: '' cves: @@ -384,7 +384,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zscaler product: See Link (Multiple Products) cves: @@ -442,7 +442,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zyxel product: Security Firewall/Gateways cves: