diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 4a4947c..f62ff18 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -415,14 +415,16 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Campbell Scientific | All | | | Unknown | [link](https://s.campbellsci.com/documents/us/miscellaneous/log4j2-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | | Camunda | | | | Unknown | [link](https://forum.camunda.org/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228/31910) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Canary Labs | All | | | Unknown | [link](https://helpcenter.canarylabs.com/t/83hjjk0/log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | Alphenix (Angio Workstation) | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | CT Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | Infinix-i (Angio Workstation) | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | MR Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | NM Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | UL Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | Vitrea Advanced 7.x | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | XR Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Canon | Canon DR Products CXDI_NE) | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | Such as Omnera, FlexPro, Soltus | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | CT Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | Eye-Care Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | MR Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | NM Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | UL Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | Vitrea Advanced 7.x | All | | Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | VL Alphenix Angio Workstation (AWS) | All | | Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | VL Infinix-i Angio Workstation (AWS) | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | XR Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | CapStorm | Copystorm | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | CarbonBlack | | | | Unknown | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Carestream | | | | Unknown | [link](https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | @@ -1227,6 +1229,14 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Fortinet | FortiWeb Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Fortinet | ShieldX | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | FTAPI | | | | Unknown | [link](https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/#) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fuji Electric | MONITOUCH TS1000 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH TS1000S series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH TS2000 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH V8 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH V9 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH X1 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | TELLUS and V-Server | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | V-SFT | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | Fujitsu | | | | Unknown | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | FusionAuth | FusionAuth | | | Not Affected | [link](https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | GE Digital | All | | | Unknown | [link](https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | @@ -1994,17 +2004,35 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Jump Desktop | | | | Unknown | [link](https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Juniper Networks | | | | Unknown | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Justice Systems | | | | Unknown | [link](https://www.justicesystems.com/services/support/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| K15t | | | | Unknown | [link](https://help.k15t.com/k15t-apps-and-log4shell-193401141.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| K6 | | | | Unknown | [link](https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Karakun | | | | Unknown | [link](https://board.karakun.com/viewtopic.php?f=21&t=8351) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kaseya | | | | Unknown | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Keeper Security | | | | Unknown | [link](https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| KEMP | | | | Unknown | [link](https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| KEMP 2 | | | | Unknown | [link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kofax | | | | Unknown | [link](https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228)) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Konica Minolta | | | | Unknown | [link](https://www.konicaminolta.de/de-de/support/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kronos UKG | | | | Unknown | [link](https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kyberna | | | | Unknown | [link](https://www.kyberna.com/detail/log4j-sicherheitsluecke) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| K15t | All | | | Unknown | [link](https://help.k15t.com/k15t-apps-and-log4shell-193401141.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| K6 | All | | | Unknown | [link](https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kaltura | Blackboard Learn SaaS in the classic Learn experience | | v3900.28.x | Fixed | [link](https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Kaltura | Blackboard Learn Self- and Managed-Hosting | | v3900.26.x | Fixed | [link](https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Karakun | All | | | Unknown | [link](https://board.karakun.com/viewtopic.php?f=21&t=8351) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kaseya | AuthAnvil | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | BMS | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | ID Agent DarkWeb ID and BullPhish ID | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | IT Glue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | MyGlue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Network Glue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Passly | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | RocketCyber | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Spannign Salesforce Backup | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Spanning O365 Backup | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Unitrends | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Vorex | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | VSA SaaS and VSA On-Premises | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| KeePass | All | | | Not Affected | [link](https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Keeper | All | | | Fixed | [link](https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kemp | All | | | Unknown | [link](https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit) | | [Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Keycloak | All | | | Not Affected | [link](https://github.com/keycloak/keycloak/discussions/9078) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Capture | | | Not Affected | [link](https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Communication Manager | | 5.3 - 5.5 | Fixed | [link](https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Robot File System (RFS) | | >=10.7 | Fixed | [link](https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Robotic Process Automation (RPA) | | 11.1, 11.2 | Fixed | [link](https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Konica Minolta | All | | | Unknown | [link](https://www.konicaminolta.de/de-de/support/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kronos UKG | All | | | Unknown | [link](https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kyberna | All | | | Unknown | [link](https://www.kyberna.com/detail/log4j-sicherheitsluecke) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | L-Soft | | | | Unknown | [link](http://www.lsoft.com/news/log4jinfo.asp) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | L3Harris Geospatial | | | | Unknown | [link](https://www.l3harrisgeospatial.com/Support/Self-Help-Tools/Help-Articles/Help-Articles-Detail/ArtMID/10220/ArticleID/24141/Impact-of-Log4j-Java-Security-Vulnerability-CVE-2021-44228-on-L3Harris-Geospatial-software) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Lancom Systems | | | | Unknown | [link](https://www.lancom-systems.com/service-support/instant-help/general-security-information/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 07c89c9..c586742 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -11696,7 +11696,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: Alphenix (Angio Workstation) + product: Canon DR Products CXDI_NE) cves: cve-2021-4104: investigated: false @@ -11704,10 +11704,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11720,10 +11721,10 @@ software: unaffected_versions: [] vendor_links: - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability - notes: '' + notes: Such as Omnera, FlexPro, Soltus references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: CT Medical Imaging Products cves: @@ -11733,10 +11734,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11752,9 +11754,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: Infinix-i (Angio Workstation) + product: Eye-Care Products cves: cve-2021-4104: investigated: false @@ -11762,10 +11764,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11781,7 +11784,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: MR Medical Imaging Products cves: @@ -11791,10 +11794,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11810,7 +11814,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: NM Medical Imaging Products cves: @@ -11820,10 +11824,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11839,7 +11844,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: UL Medical Imaging Products cves: @@ -11849,10 +11854,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11868,7 +11874,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: Vitrea Advanced 7.x cves: @@ -11878,8 +11884,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -11897,9 +11904,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: XR Medical Imaging Products + product: VL Alphenix Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -11907,8 +11914,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -11926,9 +11934,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: CapStorm - product: Copystorm + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: VL Infinix-i Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -11936,10 +11944,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11950,13 +11959,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: CarbonBlack - product: '' + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: XR Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -11964,10 +11974,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11979,13 +11990,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Carestream - product: '' + last_updated: '2022-02-02T00:00:00' + - vendor: CapStorm + product: Copystorm cves: cve-2021-4104: investigated: false @@ -12007,13 +12018,12 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Carrier + last_updated: '2021-12-22T00:00:00' + - vendor: CarbonBlack product: '' cves: cve-2021-4104: @@ -12037,12 +12047,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.corporate.carrier.com/product-security/advisories-resources/ + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CAS genesisWorld + - vendor: Carestream product: '' cves: cve-2021-4104: @@ -12066,12 +12076,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.cas.de/CASHelpdesk/FAQDetails.aspx?gguid=0x79F9E881EE3C46C1A71BE9EB3E480446 + - https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cato Networks + last_updated: '2021-12-20T00:00:00' + - vendor: Carrier product: '' cves: cve-2021-4104: @@ -12095,42 +12105,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.catonetworks.com/blog/cato-networks-rapid-response-to-the-apache-log4j-remote-code-execution-vulnerability/ + - https://www.corporate.carrier.com/product-security/advisories-resources/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cepheid - product: C360 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.cepheid.com/en_US/legal/product-security-updates - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Cepheid - product: GeneXpert + - vendor: CAS genesisWorld + product: '' cves: cve-2021-4104: investigated: false @@ -12153,12 +12134,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.cepheid.com/en_US/legal/product-security-updates + - https://helpdesk.cas.de/CASHelpdesk/FAQDetails.aspx?gguid=0x79F9E881EE3C46C1A71BE9EB3E480446 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Cerberus FTP + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cato Networks product: '' cves: cve-2021-4104: @@ -12182,43 +12163,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.cerberusftp.com/hc/en-us/articles/4412448183571-Cerberus-is-not-affected-by-CVE-2021-44228-log4j-0-day-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Chaser Systems - product: discrimiNAT Firewall - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://chasersystems.com/discrimiNAT/blog/log4shell-and-its-traces-in-a-network-egress-filter/#are-chasers-products-affected + - https://www.catonetworks.com/blog/cato-networks-rapid-response-to-the-apache-log4j-remote-code-execution-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Check Point - product: CloudGuard + - vendor: Cepheid + product: C360 cves: cve-2021-4104: investigated: false @@ -12226,41 +12177,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Check Point - product: Harmony Endpoint & Harmony Mobile - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All cve-2021-45046: investigated: false affected_versions: [] @@ -12272,13 +12192,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 + - https://www.cepheid.com/en_US/legal/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Check Point - product: Infinity Portal + last_updated: '2021-12-20T00:00:00' + - vendor: Cepheid + product: GeneXpert cves: cve-2021-4104: investigated: false @@ -12301,13 +12221,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 + - https://www.cepheid.com/en_US/legal/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Check Point - product: Quantum Security Gateway + last_updated: '2021-12-20T00:00:00' + - vendor: Cerberus FTP + product: '' cves: cve-2021-4104: investigated: false @@ -12315,41 +12235,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Check Point - product: Quantum Security Management - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All cve-2021-45046: investigated: false affected_versions: [] @@ -12361,14 +12250,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 - notes: Where used, uses the 1.8.0\_u241 version of the JRE that protects against - this attack by default. + - https://support.cerberusftp.com/hc/en-us/articles/4412448183571-Cerberus-is-not-affected-by-CVE-2021-44228-log4j-0-day-vulnerability + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Check Point - product: SMB + - vendor: Chaser Systems + product: discrimiNAT Firewall cves: cve-2021-4104: investigated: false @@ -12392,13 +12280,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 + - https://chasersystems.com/discrimiNAT/blog/log4shell-and-its-traces-in-a-network-egress-filter/#are-chasers-products-affected notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point - product: ThreatCloud + product: CloudGuard cves: cve-2021-4104: investigated: false @@ -12406,10 +12294,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12426,8 +12315,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CheckMK - product: '' + - vendor: Check Point + product: Harmony Endpoint & Harmony Mobile cves: cve-2021-4104: investigated: false @@ -12435,10 +12324,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12450,13 +12340,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.checkmk.com/t/checkmk-not-affected-by-log4shell/28643/3 + - https://supportcontent.checkpoint.com/solutions?id=sk176865 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ciphermail - product: '' + - vendor: Check Point + product: Infinity Portal cves: cve-2021-4104: investigated: false @@ -12479,13 +12369,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ciphermail.com/blog/ciphermail-gateway-and-webmail-messenger-are-not-vulnerable-to-cve-2021-44228.html + - https://supportcontent.checkpoint.com/solutions?id=sk176865 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CircleCI - product: CircleCI + - vendor: Check Point + product: Quantum Security Gateway cves: cve-2021-4104: investigated: false @@ -12493,10 +12383,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12508,13 +12399,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.circleci.com/t/circleci-log4j-information-cve-2021-4422 + - https://supportcontent.checkpoint.com/solutions?id=sk176865 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: CIS - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Check Point + product: Quantum Security Management cves: cve-2021-4104: investigated: false @@ -12522,10 +12413,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://supportcontent.checkpoint.com/solutions?id=sk176865 + notes: Where used, uses the 1.8.0\_u241 version of the JRE that protects against + this attack by default. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Check Point + product: SMB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12537,13 +12460,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cisecurity.atlassian.net/servicedesk/customer/portal/15/article/2434301961 + - https://supportcontent.checkpoint.com/solutions?id=sk176865 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: AppDynamics + - vendor: Check Point + product: ThreatCloud cves: cve-2021-4104: investigated: false @@ -12566,13 +12489,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://supportcontent.checkpoint.com/solutions?id=sk176865 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco ACI Multi-Site Orchestrator + - vendor: CheckMK + product: '' cves: cve-2021-4104: investigated: false @@ -12595,13 +12518,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://forum.checkmk.com/t/checkmk-not-affected-by-log4shell/28643/3 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco ACI Virtual Edge + - vendor: Ciphermail + product: '' cves: cve-2021-4104: investigated: false @@ -12624,13 +12547,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.ciphermail.com/blog/ciphermail-gateway-and-webmail-messenger-are-not-vulnerable-to-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Adaptive Security Appliance (ASA) Software + - vendor: CircleCI + product: CircleCI cves: cve-2021-4104: investigated: false @@ -12653,13 +12576,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://discuss.circleci.com/t/circleci-log4j-information-cve-2021-4422 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Advanced Web Security Reporting Application + last_updated: '2021-12-21T00:00:00' + - vendor: CIS + product: '' cves: cve-2021-4104: investigated: false @@ -12682,13 +12605,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://cisecurity.atlassian.net/servicedesk/customer/portal/15/article/2434301961 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco AMP Virtual Private Cloud Appliance + product: AppDynamics cves: cve-2021-4104: investigated: false @@ -12717,7 +12640,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco AnyConnect Secure Mobility Client + product: Cisco ACI Multi-Site Orchestrator cves: cve-2021-4104: investigated: false @@ -12746,7 +12669,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Application Policy Infrastructure Controller (APIC) + product: Cisco ACI Virtual Edge cves: cve-2021-4104: investigated: false @@ -12775,7 +12698,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco ASR 5000 Series Routers + product: Cisco Adaptive Security Appliance (ASA) Software cves: cve-2021-4104: investigated: false @@ -12804,7 +12727,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Broadcloud Calling + product: Cisco Advanced Web Security Reporting Application cves: cve-2021-4104: investigated: false @@ -12833,7 +12756,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco BroadWorks + product: Cisco AMP Virtual Private Cloud Appliance cves: cve-2021-4104: investigated: false @@ -12862,7 +12785,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Catalyst 9800 Series Wireless Controllers + product: Cisco AnyConnect Secure Mobility Client cves: cve-2021-4104: investigated: false @@ -12891,7 +12814,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco CloudCenter Suite Admin + product: Cisco Application Policy Infrastructure Controller (APIC) cves: cve-2021-4104: investigated: false @@ -12920,7 +12843,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco CloudCenter Workload Manager + product: Cisco ASR 5000 Series Routers cves: cve-2021-4104: investigated: false @@ -12949,7 +12872,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Cognitive Intelligence + product: Cisco Broadcloud Calling cves: cve-2021-4104: investigated: false @@ -12978,7 +12901,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Common Services Platform Collector + product: Cisco BroadWorks cves: cve-2021-4104: investigated: false @@ -13007,7 +12930,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Computer Telephony Integration Object Server (CTIOS) + product: Cisco Catalyst 9800 Series Wireless Controllers cves: cve-2021-4104: investigated: false @@ -13036,7 +12959,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Connected Grid Device Manager + product: Cisco CloudCenter Suite Admin cves: cve-2021-4104: investigated: false @@ -13065,7 +12988,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Connected Mobile Experiences + product: Cisco CloudCenter Workload Manager cves: cve-2021-4104: investigated: false @@ -13094,7 +13017,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Connectivity + product: Cisco Cognitive Intelligence cves: cve-2021-4104: investigated: false @@ -13123,7 +13046,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Contact Center Domain Manager (CCDM) + product: Cisco Common Services Platform Collector cves: cve-2021-4104: investigated: false @@ -13152,7 +13075,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Contact Center Management Portal (CCMP) + product: Cisco Computer Telephony Integration Object Server (CTIOS) cves: cve-2021-4104: investigated: false @@ -13181,7 +13104,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Crosswork Change Automation + product: Cisco Connected Grid Device Manager cves: cve-2021-4104: investigated: false @@ -13210,7 +13133,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco CX Cloud Agent Software + product: Cisco Connected Mobile Experiences cves: cve-2021-4104: investigated: false @@ -13239,7 +13162,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Data Center Network Manager (DCNM) + product: Cisco Connectivity cves: cve-2021-4104: investigated: false @@ -13268,7 +13191,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Defense Orchestrator + product: Cisco Contact Center Domain Manager (CCDM) cves: cve-2021-4104: investigated: false @@ -13297,7 +13220,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco DNA Assurance + product: Cisco Contact Center Management Portal (CCMP) cves: cve-2021-4104: investigated: false @@ -13326,7 +13249,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco DNA Center + product: Cisco Crosswork Change Automation cves: cve-2021-4104: investigated: false @@ -13355,7 +13278,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco DNA Spaces + product: Cisco CX Cloud Agent Software cves: cve-2021-4104: investigated: false @@ -13384,7 +13307,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Elastic Services Controller (ESC) + product: Cisco Data Center Network Manager (DCNM) cves: cve-2021-4104: investigated: false @@ -13413,7 +13336,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Emergency Responder + product: Cisco Defense Orchestrator cves: cve-2021-4104: investigated: false @@ -13442,7 +13365,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Enterprise Chat and Email + product: Cisco DNA Assurance cves: cve-2021-4104: investigated: false @@ -13471,7 +13394,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Enterprise NFV Infrastructure Software (NFVIS) + product: Cisco DNA Center cves: cve-2021-4104: investigated: false @@ -13500,7 +13423,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Evolved Programmable Network Manager + product: Cisco DNA Spaces cves: cve-2021-4104: investigated: false @@ -13529,7 +13452,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Extensible Network Controller (XNC) + product: Cisco Elastic Services Controller (ESC) cves: cve-2021-4104: investigated: false @@ -13558,7 +13481,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Finesse + product: Cisco Emergency Responder cves: cve-2021-4104: investigated: false @@ -13587,7 +13510,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Firepower Management Center + product: Cisco Enterprise Chat and Email cves: cve-2021-4104: investigated: false @@ -13616,7 +13539,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Firepower Threat Defense (FTD) + product: Cisco Enterprise NFV Infrastructure Software (NFVIS) cves: cve-2021-4104: investigated: false @@ -13645,7 +13568,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco GGSN Gateway GPRS Support Node + product: Cisco Evolved Programmable Network Manager cves: cve-2021-4104: investigated: false @@ -13674,7 +13597,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco HyperFlex System + product: Cisco Extensible Network Controller (XNC) cves: cve-2021-4104: investigated: false @@ -13703,7 +13626,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Identity Services Engine (ISE) + product: Cisco Finesse cves: cve-2021-4104: investigated: false @@ -13732,7 +13655,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Integrated Management Controller (IMC) Supervisor + product: Cisco Firepower Management Center cves: cve-2021-4104: investigated: false @@ -13761,7 +13684,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Intersight + product: Cisco Firepower Threat Defense (FTD) cves: cve-2021-4104: investigated: false @@ -13790,7 +13713,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Intersight Virtual Appliance + product: Cisco GGSN Gateway GPRS Support Node cves: cve-2021-4104: investigated: false @@ -13819,7 +13742,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco IOS and IOS XE Software + product: Cisco HyperFlex System cves: cve-2021-4104: investigated: false @@ -13848,8 +13771,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco IoT Field Network Director (formerly Cisco Connected Grid Network - Management System) + product: Cisco Identity Services Engine (ISE) cves: cve-2021-4104: investigated: false @@ -13878,7 +13800,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco IoT Operations Dashboard + product: Cisco Integrated Management Controller (IMC) Supervisor cves: cve-2021-4104: investigated: false @@ -13907,7 +13829,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco IOx Fog Director + product: Cisco Intersight cves: cve-2021-4104: investigated: false @@ -13936,7 +13858,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco IP Services Gateway (IPSG) + product: Cisco Intersight Virtual Appliance cves: cve-2021-4104: investigated: false @@ -13965,7 +13887,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Kinetic for Cities + product: Cisco IOS and IOS XE Software cves: cve-2021-4104: investigated: false @@ -13994,7 +13916,8 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco MDS 9000 Series Multilayer Switches + product: Cisco IoT Field Network Director (formerly Cisco Connected Grid Network + Management System) cves: cve-2021-4104: investigated: false @@ -14023,7 +13946,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Meeting Server + product: Cisco IoT Operations Dashboard cves: cve-2021-4104: investigated: false @@ -14052,7 +13975,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco MME Mobility Management Entity + product: Cisco IOx Fog Director cves: cve-2021-4104: investigated: false @@ -14081,7 +14004,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Modeling Labs + product: Cisco IP Services Gateway (IPSG) cves: cve-2021-4104: investigated: false @@ -14110,7 +14033,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Network Assessment (CNA) Tool + product: Cisco Kinetic for Cities cves: cve-2021-4104: investigated: false @@ -14139,7 +14062,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Network Assurance Engine + product: Cisco MDS 9000 Series Multilayer Switches cves: cve-2021-4104: investigated: false @@ -14168,7 +14091,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Network Convergence System 2000 Series + product: Cisco Meeting Server cves: cve-2021-4104: investigated: false @@ -14197,7 +14120,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Network Planner + product: Cisco MME Mobility Management Entity cves: cve-2021-4104: investigated: false @@ -14226,7 +14149,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Network Services Orchestrator (NSO) + product: Cisco Modeling Labs cves: cve-2021-4104: investigated: false @@ -14255,7 +14178,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Nexus 5500 Platform Switches + product: Cisco Network Assessment (CNA) Tool cves: cve-2021-4104: investigated: false @@ -14284,7 +14207,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Nexus 5600 Platform Switches + product: Cisco Network Assurance Engine cves: cve-2021-4104: investigated: false @@ -14313,7 +14236,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Nexus 6000 Series Switches + product: Cisco Network Convergence System 2000 Series cves: cve-2021-4104: investigated: false @@ -14342,7 +14265,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Nexus 7000 Series Switches + product: Cisco Network Planner cves: cve-2021-4104: investigated: false @@ -14371,8 +14294,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure - (ACI) mode + product: Cisco Network Services Orchestrator (NSO) cves: cve-2021-4104: investigated: false @@ -14401,7 +14323,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Nexus Dashboard (formerly Cisco Application Services Engine) + product: Cisco Nexus 5500 Platform Switches cves: cve-2021-4104: investigated: false @@ -14430,7 +14352,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Nexus Data Broker + product: Cisco Nexus 5600 Platform Switches cves: cve-2021-4104: investigated: false @@ -14459,7 +14381,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Nexus Insights + product: Cisco Nexus 6000 Series Switches cves: cve-2021-4104: investigated: false @@ -14488,7 +14410,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Optical Network Planner + product: Cisco Nexus 7000 Series Switches cves: cve-2021-4104: investigated: false @@ -14517,7 +14439,8 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Packaged Contact Center Enterprise + product: Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure + (ACI) mode cves: cve-2021-4104: investigated: false @@ -14546,7 +14469,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Paging Server + product: Cisco Nexus Dashboard (formerly Cisco Application Services Engine) cves: cve-2021-4104: investigated: false @@ -14575,7 +14498,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Paging Server (InformaCast) + product: Cisco Nexus Data Broker cves: cve-2021-4104: investigated: false @@ -14604,7 +14527,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco PDSN/HA Packet Data Serving Node and Home Agent + product: Cisco Nexus Insights cves: cve-2021-4104: investigated: false @@ -14633,7 +14556,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco PGW Packet Data Network Gateway + product: Cisco Optical Network Planner cves: cve-2021-4104: investigated: false @@ -14662,7 +14585,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Policy Suite + product: Cisco Packaged Contact Center Enterprise cves: cve-2021-4104: investigated: false @@ -14691,7 +14614,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Central for Service Providers + product: Cisco Paging Server cves: cve-2021-4104: investigated: false @@ -14720,7 +14643,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Collaboration Manager + product: Cisco Paging Server (InformaCast) cves: cve-2021-4104: investigated: false @@ -14749,7 +14672,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Collaboration Provisioning + product: Cisco PDSN/HA Packet Data Serving Node and Home Agent cves: cve-2021-4104: investigated: false @@ -14778,7 +14701,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Infrastructure + product: Cisco PGW Packet Data Network Gateway cves: cve-2021-4104: investigated: false @@ -14807,7 +14730,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime License Manager + product: Cisco Policy Suite cves: cve-2021-4104: investigated: false @@ -14836,7 +14759,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Network + product: Cisco Prime Central for Service Providers cves: cve-2021-4104: investigated: false @@ -14865,7 +14788,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Optical for Service Providers + product: Cisco Prime Collaboration Manager cves: cve-2021-4104: investigated: false @@ -14894,7 +14817,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Provisioning + product: Cisco Prime Collaboration Provisioning cves: cve-2021-4104: investigated: false @@ -14923,7 +14846,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Service Catalog + product: Cisco Prime Infrastructure cves: cve-2021-4104: investigated: false @@ -14952,7 +14875,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Registered Envelope Service + product: Cisco Prime License Manager cves: cve-2021-4104: investigated: false @@ -14981,7 +14904,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco SD-WAN vEdge 1000 Series Routers + product: Cisco Prime Network cves: cve-2021-4104: investigated: false @@ -15010,7 +14933,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco SD-WAN vEdge 2000 Series Routers + product: Cisco Prime Optical for Service Providers cves: cve-2021-4104: investigated: false @@ -15039,7 +14962,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco SD-WAN vEdge 5000 Series Routers + product: Cisco Prime Provisioning cves: cve-2021-4104: investigated: false @@ -15068,7 +14991,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco SD-WAN vEdge Cloud Router Platform + product: Cisco Prime Service Catalog cves: cve-2021-4104: investigated: false @@ -15097,7 +15020,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco SD-WAN vManage + product: Cisco Registered Envelope Service cves: cve-2021-4104: investigated: false @@ -15126,7 +15049,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Secure Network Analytics (SNA), formerly Stealthwatch + product: Cisco SD-WAN vEdge 1000 Series Routers cves: cve-2021-4104: investigated: false @@ -15155,7 +15078,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco SocialMiner + product: Cisco SD-WAN vEdge 2000 Series Routers cves: cve-2021-4104: investigated: false @@ -15184,7 +15107,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco System Architecture Evolution Gateway (SAEGW) + product: Cisco SD-WAN vEdge 5000 Series Routers cves: cve-2021-4104: investigated: false @@ -15213,7 +15136,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco TelePresence Management Suite + product: Cisco SD-WAN vEdge Cloud Router Platform cves: cve-2021-4104: investigated: false @@ -15242,7 +15165,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco UCS Director + product: Cisco SD-WAN vManage cves: cve-2021-4104: investigated: false @@ -15271,7 +15194,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco UCS Performance Manager + product: Cisco Secure Network Analytics (SNA), formerly Stealthwatch cves: cve-2021-4104: investigated: false @@ -15300,7 +15223,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Umbrella + product: Cisco SocialMiner cves: cve-2021-4104: investigated: false @@ -15329,7 +15252,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Attendant Console Advanced + product: Cisco System Architecture Evolution Gateway (SAEGW) cves: cve-2021-4104: investigated: false @@ -15358,7 +15281,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Attendant Console Business Edition + product: Cisco TelePresence Management Suite cves: cve-2021-4104: investigated: false @@ -15387,7 +15310,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Attendant Console Department Edition + product: Cisco UCS Director cves: cve-2021-4104: investigated: false @@ -15416,7 +15339,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Attendant Console Enterprise Edition + product: Cisco UCS Performance Manager cves: cve-2021-4104: investigated: false @@ -15445,7 +15368,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Attendant Console Premium Edition + product: Cisco Umbrella cves: cve-2021-4104: investigated: false @@ -15474,7 +15397,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Communications Manager Cloud + product: Cisco Unified Attendant Console Advanced cves: cve-2021-4104: investigated: false @@ -15503,7 +15426,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Contact Center Enterprise + product: Cisco Unified Attendant Console Business Edition cves: cve-2021-4104: investigated: false @@ -15532,7 +15455,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Contact Center Enterprise - Live Data server + product: Cisco Unified Attendant Console Department Edition cves: cve-2021-4104: investigated: false @@ -15561,7 +15484,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Contact Center Express + product: Cisco Unified Attendant Console Enterprise Edition cves: cve-2021-4104: investigated: false @@ -15590,7 +15513,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Intelligent Contact Management Enterprise + product: Cisco Unified Attendant Console Premium Edition cves: cve-2021-4104: investigated: false @@ -15619,7 +15542,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified SIP Proxy Software + product: Cisco Unified Communications Manager Cloud cves: cve-2021-4104: investigated: false @@ -15648,7 +15571,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Video Surveillance Operations Manager + product: Cisco Unified Contact Center Enterprise cves: cve-2021-4104: investigated: false @@ -15677,7 +15600,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Virtual Topology System - Virtual Topology Controller (VTC) VM + product: Cisco Unified Contact Center Enterprise - Live Data server cves: cve-2021-4104: investigated: false @@ -15706,7 +15629,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Virtualized Voice Browser + product: Cisco Unified Contact Center Express cves: cve-2021-4104: investigated: false @@ -15735,7 +15658,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Vision Dynamic Signage Director + product: Cisco Unified Intelligent Contact Management Enterprise cves: cve-2021-4104: investigated: false @@ -15764,7 +15687,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco WAN Automation Engine (WAE) + product: Cisco Unified SIP Proxy Software cves: cve-2021-4104: investigated: false @@ -15793,7 +15716,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Web Security Appliance (WSA) + product: Cisco Video Surveillance Operations Manager cves: cve-2021-4104: investigated: false @@ -15822,7 +15745,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Webex Cloud-Connected UC (CCUC) + product: Cisco Virtual Topology System - Virtual Topology Controller (VTC) VM cves: cve-2021-4104: investigated: false @@ -15851,7 +15774,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Webex Meetings Server + product: Cisco Virtualized Voice Browser cves: cve-2021-4104: investigated: false @@ -15880,7 +15803,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Webex Teams + product: Cisco Vision Dynamic Signage Director cves: cve-2021-4104: investigated: false @@ -15909,7 +15832,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Wide Area Application Services (WAAS) + product: Cisco WAN Automation Engine (WAE) cves: cve-2021-4104: investigated: false @@ -15938,7 +15861,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Duo + product: Cisco Web Security Appliance (WSA) cves: cve-2021-4104: investigated: false @@ -15967,7 +15890,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: DUO network gateway (on-prem/self-hosted) + product: Cisco Webex Cloud-Connected UC (CCUC) cves: cve-2021-4104: investigated: false @@ -15989,13 +15912,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: duo network gateway (on-prem/self-hosted) + product: Cisco Webex Meetings Server cves: cve-2021-4104: investigated: false @@ -16017,13 +15941,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Exony Virtualized Interaction Manager (VIM) + product: Cisco Webex Teams cves: cve-2021-4104: investigated: false @@ -16052,7 +15977,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Managed Services Accelerator (MSX) Network Access Control Service + product: Cisco Wide Area Application Services (WAAS) cves: cve-2021-4104: investigated: false @@ -16080,8 +16005,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Citrix - product: Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) + - vendor: Cisco + product: Duo cves: cve-2021-4104: investigated: false @@ -16089,11 +16014,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -16105,17 +16029,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Application Delivery Management (NetScaler MAS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: DUO network gateway (on-prem/self-hosted) cves: cve-2021-4104: investigated: false @@ -16123,11 +16043,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -16138,18 +16057,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Cloud Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: duo network gateway (on-prem/self-hosted) cves: cve-2021-4104: investigated: false @@ -16171,18 +16085,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Connector Appliance for Cloud Services + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Exony Virtualized Interaction Manager (VIM) cves: cve-2021-4104: investigated: false @@ -16205,18 +16114,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Content Collaboration (ShareFile Integration) – Citrix Files for - Windows, Citrix Files for Mac, Citrix Files for Outlook + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Managed Services Accelerator (MSX) Network Access Control Service cves: cve-2021-4104: investigated: false @@ -16238,6 +16142,36 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Citrix + product: Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All Platforms + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 notes: Citrix continues to investigate any potential impact on Citrix-managed @@ -16249,7 +16183,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix Endpoint Management (Citrix XenMobile Server) + product: Citrix Application Delivery Management (NetScaler MAS) cves: cve-2021-4104: investigated: false @@ -16257,10 +16191,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: investigated: false affected_versions: [] @@ -16273,20 +16208,16 @@ software: unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: 'For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised - to apply the latest CEM rolling patch updates listed below as soon as possible - to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); - [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); - and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). - Note: Customers who have upgraded their XenMobile Server to the updated versions - are recommended not to apply the responder policy mentioned in the blog listed - below to the Citrix ADC vserver in front of the XenMobile Server as it may impact - the enrollment of Android devices. For CVE-2021-45105: Investigation in progress.' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix Hypervisor (XenServer) + product: Citrix Cloud Connector cves: cve-2021-4104: investigated: false @@ -16319,7 +16250,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix License Server + product: Citrix Connector Appliance for Cloud Services cves: cve-2021-4104: investigated: false @@ -16352,7 +16283,8 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix SD-WAN + product: Citrix Content Collaboration (ShareFile Integration) – Citrix Files for + Windows, Citrix Files for Mac, Citrix Files for Outlook cves: cve-2021-4104: investigated: false @@ -16360,11 +16292,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -16386,7 +16317,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix Virtual Apps and Desktops (XenApp & XenDesktop) + product: Citrix Endpoint Management (Citrix XenMobile Server) cves: cve-2021-4104: investigated: false @@ -16410,19 +16341,20 @@ software: unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: - Customers are advised to apply the latest update as soon as possible to reduce - the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). - See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for - additional mitigations. For CVE-2021-45105: Investigation has shown that Linux - VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, - released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: - Linux VDA LTSR all versions; All other CVAD components.' + notes: 'For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised + to apply the latest CEM rolling patch updates listed below as soon as possible + to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); + [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); + and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). + Note: Customers who have upgraded their XenMobile Server to the updated versions + are recommended not to apply the responder policy mentioned in the blog listed + below to the Citrix ADC vserver in front of the XenMobile Server as it may impact + the enrollment of Android devices. For CVE-2021-45105: Investigation in progress.' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix Workspace App + product: Citrix Hypervisor (XenServer) cves: cve-2021-4104: investigated: false @@ -16430,11 +16362,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -16456,7 +16387,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: ShareFile Storage Zones Controller + product: Citrix License Server cves: cve-2021-4104: investigated: false @@ -16488,8 +16419,8 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Claris - product: '' + - vendor: Citrix + product: Citrix SD-WAN cves: cve-2021-4104: investigated: false @@ -16497,10 +16428,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: investigated: false affected_versions: [] @@ -16512,13 +16444,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.claris.com/s/article/CVE-2021-44228-Apache-Log4j-Vulnerability-and-Claris-products?language=en_US - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: AM2CM Tool + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Virtual Apps and Desktops (XenApp & XenDesktop) cves: cve-2021-4104: investigated: false @@ -16541,13 +16477,20 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: + Customers are advised to apply the latest update as soon as possible to reduce + the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). + See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for + additional mitigations. For CVE-2021-45105: Investigation has shown that Linux + VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, + released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: + Linux VDA LTSR all versions; All other CVAD components.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Ambari + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Workspace App cves: cve-2021-4104: investigated: false @@ -16556,11 +16499,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Only versions 2.x - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: investigated: false affected_versions: [] @@ -16572,13 +16514,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Arcadia Enterprise + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: ShareFile Storage Zones Controller cves: cve-2021-4104: investigated: false @@ -16586,41 +16532,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only version 7.1.x - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: CDH, HDP, and HDF - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - Only version 6.x - fixed_versions: [] - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -16632,13 +16547,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: CDP Operational Database (COD) + last_updated: '2021-12-21T00:00:00' + - vendor: Claris + product: '' cves: cve-2021-4104: investigated: false @@ -16661,13 +16580,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://support.claris.com/s/article/CVE-2021-44228-Apache-Log4j-Vulnerability-and-Claris-products?language=en_US notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: CDP Private Cloud Base + product: AM2CM Tool cves: cve-2021-4104: investigated: false @@ -16675,9 +16594,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only version 7.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16697,7 +16615,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: CDS 3 Powered by Apache Spark + product: Ambari cves: cve-2021-4104: investigated: false @@ -16707,7 +16625,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - All versions + - Only versions 2.x + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16727,7 +16646,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: CDS 3.2 for GPUs + product: Arcadia Enterprise cves: cve-2021-4104: investigated: false @@ -16737,7 +16656,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - All versions + - Only version 7.1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16757,7 +16676,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Cloudera Cybersecurity Platform + product: CDH, HDP, and HDF cves: cve-2021-4104: investigated: false @@ -16767,7 +16686,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - All versions + - Only version 6.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16787,7 +16706,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Cloudera Data Engineering (CDE) + product: CDP Operational Database (COD) cves: cve-2021-4104: investigated: false @@ -16816,7 +16735,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Cloudera Data Engineering (CDE) + product: CDP Private Cloud Base cves: cve-2021-4104: investigated: false @@ -16826,7 +16745,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - All versions + - Only version 7.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16846,7 +16765,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Cloudera Data Flow (CFM) + product: CDS 3 Powered by Apache Spark cves: cve-2021-4104: investigated: false @@ -16854,8 +16773,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16875,7 +16795,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Cloudera Data Science Workbench (CDSW) + product: CDS 3.2 for GPUs cves: cve-2021-4104: investigated: false @@ -16885,8 +16805,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Only versions 2.x - - 3.x + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16906,7 +16825,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Cloudera Data Visualization (CDV) + product: Cloudera Cybersecurity Platform cves: cve-2021-4104: investigated: false @@ -16914,8 +16833,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16935,7 +16855,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Cloudera Data Warehouse (CDW) + product: Cloudera Data Engineering (CDE) cves: cve-2021-4104: investigated: false @@ -16964,7 +16884,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Cloudera Data Warehouse (CDW) + product: Cloudera Data Engineering (CDE) cves: cve-2021-4104: investigated: false @@ -16994,7 +16914,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Cloudera DataFlow (CDF) + product: Cloudera Data Flow (CFM) cves: cve-2021-4104: investigated: false @@ -17023,7 +16943,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Cloudera Edge Management (CEM) + product: Cloudera Data Science Workbench (CDSW) cves: cve-2021-4104: investigated: false @@ -17033,7 +16953,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - All versions + - Only versions 2.x + - 3.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -17053,7 +16974,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Cloudera Enterprise + product: Cloudera Data Visualization (CDV) cves: cve-2021-4104: investigated: false @@ -17061,41 +16982,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only version 6.x - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Flow Management (CFM) - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All versions - fixed_versions: [] - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17113,7 +17003,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Cloudera Machine Learning (CML) + product: Cloudera Data Warehouse (CDW) cves: cve-2021-4104: investigated: false @@ -17142,7 +17032,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Cloudera Machine Learning (CML) + product: Cloudera Data Warehouse (CDW) cves: cve-2021-4104: investigated: false @@ -17172,8 +17062,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication - Manager) + product: Cloudera DataFlow (CDF) cves: cve-2021-4104: investigated: false @@ -17181,44 +17070,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication - Manager) - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - Only versions 7.0.x - - 7.1.x - - 7.2.x - fixed_versions: [] - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17236,7 +17091,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Cloudera Manager (Including Backup Disaster Recovery (BDR)) + product: Cloudera Edge Management (CEM) cves: cve-2021-4104: investigated: false @@ -17244,8 +17099,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -17265,7 +17121,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Cloudera Runtime (including Cloudera Data Hub and all Data Hub templates) + product: Cloudera Enterprise cves: cve-2021-4104: investigated: false @@ -17275,9 +17131,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Only versions 7.0.x - - 7.1.x - - 7.2.x + - Only version 6.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -17297,7 +17151,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Cloudera Stream Processing (CSP) + product: Cloudera Flow Management (CFM) cves: cve-2021-4104: investigated: false @@ -17327,7 +17181,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Cloudera Streaming Analytics (CSA) + product: Cloudera Machine Learning (CML) cves: cve-2021-4104: investigated: false @@ -17356,7 +17210,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Cloudera Streaming Analytics (CSA) + product: Cloudera Machine Learning (CML) cves: cve-2021-4104: investigated: false @@ -17364,8 +17218,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -17385,7 +17240,8 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Data Analytics Studio (DAS) + product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication + Manager) cves: cve-2021-4104: investigated: false @@ -17393,10 +17249,44 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - All versions + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication + Manager) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Only versions 7.0.x + - 7.1.x + - 7.2.x + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17414,7 +17304,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Data Catalog + product: Cloudera Manager (Including Backup Disaster Recovery (BDR)) cves: cve-2021-4104: investigated: false @@ -17443,7 +17333,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Data Lifecycle Manager (DLM) + product: Cloudera Runtime (including Cloudera Data Hub and all Data Hub templates) cves: cve-2021-4104: investigated: false @@ -17451,8 +17341,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Only versions 7.0.x + - 7.1.x + - 7.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -17472,7 +17365,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Data Steward Studio (DSS) + product: Cloudera Stream Processing (CSP) cves: cve-2021-4104: investigated: false @@ -17502,7 +17395,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Hortonworks Data Flow (HDF) + product: Cloudera Streaming Analytics (CSA) cves: cve-2021-4104: investigated: false @@ -17531,7 +17424,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Hortonworks Data Platform (HDP) + product: Cloudera Streaming Analytics (CSA) cves: cve-2021-4104: investigated: false @@ -17539,11 +17432,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only versions 7.1.x - - 2.7.x - - 2.6.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -17563,7 +17453,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Hortonworks DataPlane Platform + product: Data Analytics Studio (DAS) cves: cve-2021-4104: investigated: false @@ -17592,7 +17482,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Management Console + product: Data Catalog cves: cve-2021-4104: investigated: false @@ -17600,9 +17490,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -17622,7 +17511,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Management Console for CDP Public Cloud + product: Data Lifecycle Manager (DLM) cves: cve-2021-4104: investigated: false @@ -17651,7 +17540,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Replication Manager + product: Data Steward Studio (DSS) cves: cve-2021-4104: investigated: false @@ -17659,8 +17548,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -17680,7 +17570,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: SmartSense + product: Hortonworks Data Flow (HDF) cves: cve-2021-4104: investigated: false @@ -17709,7 +17599,39 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Workload Manager + product: Hortonworks Data Platform (HDP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Only versions 7.1.x + - 2.7.x + - 2.6.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Hortonworks DataPlane Platform cves: cve-2021-4104: investigated: false @@ -17738,7 +17660,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Workload XM + product: Management Console cves: cve-2021-4104: investigated: false @@ -17768,7 +17690,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera - product: Workload XM (SaaS) + product: Management Console for CDP Public Cloud cves: cve-2021-4104: investigated: false @@ -17796,8 +17718,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CloudFlare - product: '' + - vendor: Cloudera + product: Replication Manager cves: cve-2021-4104: investigated: false @@ -17820,13 +17742,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/ + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudian HyperStore - product: '' + - vendor: Cloudera + product: SmartSense cves: cve-2021-4104: investigated: false @@ -17849,13 +17771,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloudian-support.force.com/s/article/SECURITY-Cloudian-HyperStore-Log4j-vulnerability-CVE-2021-44228 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudogu - product: Ecosystem + - vendor: Cloudera + product: Workload Manager cves: cve-2021-4104: investigated: false @@ -17863,9 +17785,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -17879,13 +17800,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.cloudogu.com/t/security-vulnerability-log4shell-cve-2021-44228/417 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudogu - product: SCM-Manager + - vendor: Cloudera + product: Workload XM cves: cve-2021-4104: investigated: false @@ -17893,8 +17814,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -17908,13 +17830,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://scm-manager.org/blog/posts/2021-12-13-log4shell/ + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudron - product: '' + - vendor: Cloudera + product: Workload XM (SaaS) cves: cve-2021-4104: investigated: false @@ -17937,12 +17859,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.cloudron.io/topic/6153/log4j-and-log4j2-library-vulnerability?lang=en-US + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Clover + - vendor: CloudFlare product: '' cves: cve-2021-4104: @@ -17966,13 +17888,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.clover.com/articles/35868/apache-log4j-vulnerability-cve-2021-44228.html + - https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Code42 - product: Code42 App + - vendor: Cloudian HyperStore + product: '' cves: cve-2021-4104: investigated: false @@ -17980,10 +17902,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 8.8.1 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -17996,13 +17917,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates + - https://cloudian-support.force.com/s/article/SECURITY-Cloudian-HyperStore-Log4j-vulnerability-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Code42 - product: Crashplan + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudogu + product: Ecosystem cves: cve-2021-4104: investigated: false @@ -18011,9 +17932,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: + affected_versions: - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -18026,14 +17947,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates - notes: The CrashPlan app is EOL and is now called Code42. If you detect CrashPlan - installed, it is vulnerable. You can update easily to Code42 8.8.1 or newer. + - https://community.cloudogu.com/t/security-vulnerability-log4shell-cve-2021-44228/417 + notes: '' references: - - '[https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/](https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/)' - last_updated: '2021-12-16T00:00:00' - - vendor: CodeBeamer - product: '' + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudogu + product: SCM-Manager cves: cve-2021-4104: investigated: false @@ -18056,12 +17976,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://codebeamer.com/cb/wiki/19872365 + - https://scm-manager.org/blog/posts/2021-12-13-log4shell/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Codesys + - vendor: Cloudron product: '' cves: cve-2021-4104: @@ -18085,12 +18005,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.codesys.com/news-events/news/article/log4j-not-used-in-codesys.html + - https://forum.cloudron.io/topic/6153/log4j-and-log4j2-library-vulnerability?lang=en-US notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cohesity + - vendor: Clover product: '' cves: cve-2021-4104: @@ -18114,13 +18034,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.cohesity.com/s/article/Security-Advisory-Apache-Log4j-Remote-Code-Execution-RCE-CVE-2021-44228 + - https://community.clover.com/articles/35868/apache-log4j-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CommVault - product: '' + - vendor: Code42 + product: Code42 App cves: cve-2021-4104: investigated: false @@ -18128,9 +18048,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 8.8.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -18143,13 +18064,44 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://documentation.commvault.com/v11/essential/146231_security_vulnerability_and_reporting.html + - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Concourse - product: Concourse + last_updated: '2021-12-22T00:00:00' + - vendor: Code42 + product: Crashplan + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates + notes: The CrashPlan app is EOL and is now called Code42. If you detect CrashPlan + installed, it is vulnerable. You can update easily to Code42 8.8.1 or newer. + references: + - '[https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/](https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/)' + last_updated: '2021-12-16T00:00:00' + - vendor: CodeBeamer + product: '' cves: cve-2021-4104: investigated: false @@ -18172,12 +18124,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/concourse/concourse/discussions/7887 + - https://codebeamer.com/cb/wiki/19872365 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ConcreteCMS.com + - vendor: Codesys product: '' cves: cve-2021-4104: @@ -18201,13 +18153,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.concretecms.com/about/blog/security/concrete-log4j-zero-day-exploit + - https://www.codesys.com/news-events/news/article/log4j-not-used-in-codesys.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Confluent - product: Confluent Cloud + - vendor: Cohesity + product: '' cves: cve-2021-4104: investigated: false @@ -18215,10 +18167,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - N/A + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -18231,13 +18182,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://support.cohesity.com/s/article/Security-Advisory-Apache-Log4j-Remote-Code-Execution-RCE-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent ElasticSearch Sink Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CommVault + product: '' cves: cve-2021-4104: investigated: false @@ -18245,9 +18196,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <11.1.7 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -18261,13 +18211,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://documentation.commvault.com/v11/essential/146231_security_vulnerability_and_reporting.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent for Kubernetes + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Concourse + product: Concourse cves: cve-2021-4104: investigated: false @@ -18275,11 +18225,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18291,13 +18240,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://github.com/concourse/concourse/discussions/7887 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent Google DataProc Sink Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ConcreteCMS.com + product: '' cves: cve-2021-4104: investigated: false @@ -18305,9 +18254,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <1.1.5 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -18321,13 +18269,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://www.concretecms.com/about/blog/security/concrete-log4j-zero-day-exploit notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Confluent - product: Confluent HDFS 2 Sink Connector + product: Confluent Cloud cves: cve-2021-4104: investigated: false @@ -18336,9 +18284,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <10.1.3 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - N/A unaffected_versions: [] cve-2021-45046: investigated: false @@ -18357,7 +18305,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent HDFS 3 Sink Connector + product: Confluent ElasticSearch Sink Connector cves: cve-2021-4104: investigated: false @@ -18367,7 +18315,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <1.1.8 + - <11.1.7 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -18387,7 +18335,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent Kafka Connectors + product: Confluent for Kubernetes cves: cve-2021-4104: investigated: false @@ -18417,7 +18365,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent Platform + product: Confluent Google DataProc Sink Connector cves: cve-2021-4104: investigated: false @@ -18427,7 +18375,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <7.0.1 + - <1.1.5 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -18447,7 +18395,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent Splunk Sink Connector + product: Confluent HDFS 2 Sink Connector cves: cve-2021-4104: investigated: false @@ -18457,7 +18405,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <2.05 + - <10.1.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -18477,7 +18425,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent VMWare Tanzu GemFire Sink Connector + product: Confluent HDFS 3 Sink Connector cves: cve-2021-4104: investigated: false @@ -18487,7 +18435,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <1.0.8 + - <1.1.8 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -18506,8 +18454,8 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Connect2id - product: '' + - vendor: Confluent + product: Confluent Kafka Connectors cves: cve-2021-4104: investigated: false @@ -18515,10 +18463,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -18530,13 +18479,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://connect2id.com/blog/connect2id-server-12-5-1 + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ConnectWise - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent Platform cves: cve-2021-4104: investigated: false @@ -18544,8 +18493,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <7.0.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -18559,13 +18509,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.connectwise.com/company/trust/advisories + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ContrastSecurity - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent Splunk Sink Connector cves: cve-2021-4104: investigated: false @@ -18573,8 +18523,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <2.05 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -18588,13 +18539,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.contrastsecurity.com/hc/en-us/articles/4412612486548 + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ControlUp - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent VMWare Tanzu GemFire Sink Connector cves: cve-2021-4104: investigated: false @@ -18602,8 +18553,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <1.0.8 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -18617,13 +18569,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.controlup.com/incidents/qqyvh7b1dz8k + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: COPADATA - product: All + last_updated: '2021-12-17T00:00:00' + - vendor: Connect2id + product: '' cves: cve-2021-4104: investigated: false @@ -18646,12 +18598,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.copadata.com/fileadmin/user_upload/faq/files/InformationReport_CVE_2021_44228.pdf + - https://connect2id.com/blog/connect2id-server-12-5-1 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: CouchBase + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ConnectWise product: '' cves: cve-2021-4104: @@ -18675,12 +18627,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402 + - https://www.connectwise.com/company/trust/advisories notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CPanel + - vendor: ContrastSecurity product: '' cves: cve-2021-4104: @@ -18704,12 +18656,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/ + - https://support.contrastsecurity.com/hc/en-us/articles/4412612486548 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cradlepoint + - vendor: ControlUp product: '' cves: cve-2021-4104: @@ -18733,13 +18685,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cradlepoint.com/vulnerability-alerts/cve-2021-44228-apache-log4j-security-vulnerabilities/ + - https://status.controlup.com/incidents/qqyvh7b1dz8k notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Crestron - product: '' + - vendor: COPADATA + product: All cves: cve-2021-4104: investigated: false @@ -18762,12 +18714,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.crestron.com/Security/Security_Advisories/Apache-Log4j + - https://www.copadata.com/fileadmin/user_upload/faq/files/InformationReport_CVE_2021_44228.pdf notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: CrushFTP + last_updated: '2022-01-06T00:00:00' + - vendor: CouchBase product: '' cves: cve-2021-4104: @@ -18791,12 +18743,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.crushftp.com/download.html + - https://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CryptShare + - vendor: CPanel product: '' cves: cve-2021-4104: @@ -18820,43 +18772,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.cryptshare.com/en/support/cryptshare-support/#c67572 + - https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CyberArk - product: Privileged Threat Analytics (PTA) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - N/A - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cyberark-customers.force.com/s/article/Critical-Vulnerability-CVE-2021-44228 - notes: '' - references: - - This advisory is available to customers only and has not been reviewed by - CISA. - last_updated: '2021-12-14T00:00:00' - - vendor: Cybereason + - vendor: Cradlepoint product: '' cves: cve-2021-4104: @@ -18880,12 +18801,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.cybereason.com/blog/cybereason-solutions-are-not-impacted-by-apache-log4j-vulnerability-cve-2021-44228 + - https://cradlepoint.com/vulnerability-alerts/cve-2021-44228-apache-log4j-security-vulnerabilities/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CyberRes + - vendor: Crestron product: '' cves: cve-2021-4104: @@ -18909,13 +18830,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44228 + - https://www.crestron.com/Security/Security_Advisories/Apache-Log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Daktronics - product: All Sport Pro + last_updated: '2021-12-20T00:00:00' + - vendor: CrushFTP + product: '' cves: cve-2021-4104: investigated: false @@ -18938,13 +18859,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://www.crushftp.com/download.html notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Dakronics Media Player + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CryptShare + product: '' cves: cve-2021-4104: investigated: false @@ -18952,41 +18873,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - DMP (any series) - cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 - notes: '' - references: - - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Dakronics Web Player - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: - - DWP-1000 - fixed_versions: [] - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18998,14 +18888,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 - notes: 'DWP-1000: Not present in our codebase, but awaiting confirmation from - LG re: webOS platform.' + - https://www.cryptshare.com/en/support/cryptshare-support/#c67572 + notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Data Vision Software (DVS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CyberArk + product: Privileged Threat Analytics (PTA) cves: cve-2021-4104: investigated: false @@ -19013,9 +18902,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - N/A unaffected_versions: [] cve-2021-45046: investigated: false @@ -19028,14 +18918,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 - notes: DVS has one microservice that uses Log4j, but it uses a version that is - not impacted. + - https://cyberark-customers.force.com/s/article/Critical-Vulnerability-CVE-2021-44228 + notes: '' references: - - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Dynamic Messaging System (DMS) + - This advisory is available to customers only and has not been reviewed by + CISA. + last_updated: '2021-12-14T00:00:00' + - vendor: Cybereason + product: '' cves: cve-2021-4104: investigated: false @@ -19058,13 +18948,42 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://www.cybereason.com/blog/cybereason-solutions-are-not-impacted-by-apache-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CyberRes + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Daktronics - product: Dynamic Messaging System - DMS Core Player + product: All Sport Pro cves: cve-2021-4104: investigated: false @@ -19072,11 +18991,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - P10 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19094,7 +19012,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: Daktronics - product: Dynamic Messaging System - DMS Player hardware + product: Dakronics Media Player cves: cve-2021-4104: investigated: false @@ -19106,13 +19024,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - AMP-R200 - - AMP-R400 - - AMP-R800 - - AMP-SM100 - - AMP-SE100 - - AMP-SM200 - - AMP-SM400 + - DMP (any series) cve-2021-45046: investigated: false affected_versions: [] @@ -19130,7 +19042,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: Daktronics - product: Dynamic Messaging System - DMS Web Player + product: Dakronics Web Player cves: cve-2021-4104: investigated: false @@ -19139,7 +19051,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - DWP-1000 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -19154,13 +19067,13 @@ software: unaffected_versions: [] vendor_links: - https://www.daktronics.com/en-us/support/kb/000025337 - notes: 'DMS Web Player: Not present in our codebase, but awaiting confirmation - from LG re: webOS platform.' + notes: 'DWP-1000: Not present in our codebase, but awaiting confirmation from + LG re: webOS platform.' references: - '' last_updated: '2022-01-06T00:00:00' - vendor: Daktronics - product: IBoot - Dataprobe IBoot Devices + product: Data Vision Software (DVS) cves: cve-2021-4104: investigated: false @@ -19168,15 +19081,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - A-3257 - - '3256' - - '2270' - - '2269' - - '1978' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19189,12 +19097,13 @@ software: unaffected_versions: [] vendor_links: - https://www.daktronics.com/en-us/support/kb/000025337 - notes: '' + notes: DVS has one microservice that uses Log4j, but it uses a version that is + not impacted. references: - '' last_updated: '2022-01-06T00:00:00' - vendor: Daktronics - product: Outdoor Smartlink Devices + product: Dynamic Messaging System (DMS) cves: cve-2021-4104: investigated: false @@ -19202,17 +19111,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - A-3189335 - - '3128' - - '3416' - - '3418' - - '3707' - - '3708' - - '3709' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19230,7 +19132,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: Daktronics - product: Routers - Cisco Meraki Z3/Z3c Routers + product: Dynamic Messaging System - DMS Core Player cves: cve-2021-4104: investigated: false @@ -19242,7 +19144,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - A-4036028 + - P10 cve-2021-45046: investigated: false affected_versions: [] @@ -19260,7 +19162,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: Daktronics - product: Routers - Cisco Z1 Routers + product: Dynamic Messaging System - DMS Player hardware cves: cve-2021-4104: investigated: false @@ -19272,7 +19174,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - A-3665 + - AMP-R200 + - AMP-R400 + - AMP-R800 + - AMP-SM100 + - AMP-SE100 + - AMP-SM200 + - AMP-SM400 cve-2021-45046: investigated: false affected_versions: [] @@ -19290,7 +19198,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: Daktronics - product: Routers - Sierra Wireless RV50x/RV50 + product: Dynamic Messaging System - DMS Web Player cves: cve-2021-4104: investigated: false @@ -19299,8 +19207,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - A-3350704 + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -19315,12 +19222,13 @@ software: unaffected_versions: [] vendor_links: - https://www.daktronics.com/en-us/support/kb/000025337 - notes: '' + notes: 'DMS Web Player: Not present in our codebase, but awaiting confirmation + from LG re: webOS platform.' references: - '' last_updated: '2022-01-06T00:00:00' - vendor: Daktronics - product: Show Control System (SCS) + product: IBoot - Dataprobe IBoot Devices cves: cve-2021-4104: investigated: false @@ -19328,10 +19236,15 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - A-3257 + - '3256' + - '2270' + - '2269' + - '1978' cve-2021-45046: investigated: false affected_versions: [] @@ -19349,7 +19262,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: Daktronics - product: Vanguard + product: Outdoor Smartlink Devices cves: cve-2021-4104: investigated: false @@ -19357,10 +19270,17 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - A-3189335 + - '3128' + - '3416' + - '3418' + - '3707' + - '3708' + - '3709' cve-2021-45046: investigated: false affected_versions: [] @@ -19378,7 +19298,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: Daktronics - product: Venus 1500 + product: Routers - Cisco Meraki Z3/Z3c Routers cves: cve-2021-4104: investigated: false @@ -19386,10 +19306,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - A-4036028 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: '' + references: + - '' + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Routers - Cisco Z1 Routers + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - A-3665 cve-2021-45046: investigated: false affected_versions: [] @@ -19407,7 +19358,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: Daktronics - product: Venus Control Suite (VCS) + product: Routers - Sierra Wireless RV50x/RV50 cves: cve-2021-4104: investigated: false @@ -19416,7 +19367,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - A-3350704 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -19436,7 +19388,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: Daktronics - product: Video Image Processors + product: Show Control System (SCS) cves: cve-2021-4104: investigated: false @@ -19444,11 +19396,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - VIP-5060/VIP-5160/VIP-4060 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19466,7 +19417,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: Daktronics - product: Webcam - Mobotix + product: Vanguard cves: cve-2021-4104: investigated: false @@ -19474,13 +19425,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - A-2242 - - A-3127 - - A-3719 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19497,8 +19445,8 @@ software: references: - '' last_updated: '2022-01-06T00:00:00' - - vendor: DarkTrace - product: '' + - vendor: Daktronics + product: Venus 1500 cves: cve-2021-4104: investigated: false @@ -19521,13 +19469,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://customerportal.darktrace.com/inside-the-soc/get-article/201 + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Dassault Systèmes - product: '' + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Venus Control Suite (VCS) cves: cve-2021-4104: investigated: false @@ -19550,13 +19498,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Databricks - product: '' + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Video Image Processors cves: cve-2021-4104: investigated: false @@ -19564,10 +19512,43 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - VIP-5060/VIP-5160/VIP-4060 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: '' + references: + - '' + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Webcam - Mobotix + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - A-2242 + - A-3127 + - A-3719 cve-2021-45046: investigated: false affected_versions: [] @@ -19579,13 +19560,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.google.com/document/d/e/2PACX-1vREjwZk17BAHGwj5Phizi4DPFS9EIUbAMX-CswlgbFwqwKXNKZC8MrT-L6wUgfIChsSHtvd_QD3-659/pub + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Datadog - product: Datadog Agent + last_updated: '2022-01-06T00:00:00' + - vendor: DarkTrace + product: '' cves: cve-2021-4104: investigated: false @@ -19593,13 +19574,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '>=6.17.0' - - <=6.32.2 - - '>=7.17.0' - - <=7.32.2 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -19612,12 +19589,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.datadoghq.com/log4j-vulnerability/ + - https://customerportal.darktrace.com/inside-the-soc/get-article/201 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Dataminer + - vendor: Dassault Systèmes product: '' cves: cve-2021-4104: @@ -19641,12 +19618,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.dataminer.services/responding-to-log4shell-vulnerability/ + - https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Datev + - vendor: Databricks product: '' cves: cve-2021-4104: @@ -19670,13 +19647,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.datev-community.de/t5/Freie-Themen/Log4-J-Schwachstelle/m-p/258185/highlight/true#M14308 + - https://docs.google.com/document/d/e/2PACX-1vREjwZk17BAHGwj5Phizi4DPFS9EIUbAMX-CswlgbFwqwKXNKZC8MrT-L6wUgfIChsSHtvd_QD3-659/pub notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Datto - product: '' + - vendor: Datadog + product: Datadog Agent cves: cve-2021-4104: investigated: false @@ -19684,9 +19661,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>=6.17.0' + - <=6.32.2 + - '>=7.17.0' + - <=7.32.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -19699,12 +19680,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.datto.com/blog/dattos-response-to-log4shell + - https://www.datadoghq.com/log4j-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: dCache.org + - vendor: Dataminer product: '' cves: cve-2021-4104: @@ -19728,12 +19709,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dcache.org/post/log4j-vulnerability/ + - https://community.dataminer.services/responding-to-log4shell-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Debian + - vendor: Datev product: '' cves: cve-2021-4104: @@ -19757,12 +19738,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security-tracker.debian.org/tracker/CVE-2021-44228 + - https://www.datev-community.de/t5/Freie-Themen/Log4-J-Schwachstelle/m-p/258185/highlight/true#M14308 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Deepinstinct + - vendor: Datto product: '' cves: cve-2021-4104: @@ -19786,13 +19767,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.deepinstinct.com/blog/log4shell-cve-2021-44228-what-you-need-to-know + - https://www.datto.com/blog/dattos-response-to-log4shell notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Dell - product: '"Dell EMC PowerMax VMAX VMAX3 and VMAX AFA"' + - vendor: dCache.org + product: '' cves: cve-2021-4104: investigated: false @@ -19800,11 +19781,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19816,13 +19796,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.dcache.org/post/log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: '"Dell EMC PowerSwitch Z9264F-ON BMC Dell EMC PowerSwitch Z9432F-ON BMC"' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Debian + product: '' cves: cve-2021-4104: investigated: false @@ -19830,11 +19810,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19846,13 +19825,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://security-tracker.debian.org/tracker/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Alienware Command Center + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Deepinstinct + product: '' cves: cve-2021-4104: investigated: false @@ -19860,11 +19839,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19876,13 +19854,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.deepinstinct.com/blog/log4shell-cve-2021-44228-what-you-need-to-know notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dell - product: Alienware OC Controls + product: '"Dell EMC PowerMax VMAX VMAX3 and VMAX AFA"' cves: cve-2021-4104: investigated: false @@ -19912,7 +19890,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Alienware On Screen Display + product: '"Dell EMC PowerSwitch Z9264F-ON BMC Dell EMC PowerSwitch Z9432F-ON BMC"' cves: cve-2021-4104: investigated: false @@ -19942,7 +19920,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Alienware Update + product: Alienware Command Center cves: cve-2021-4104: investigated: false @@ -19972,7 +19950,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: APEX Console + product: Alienware OC Controls cves: cve-2021-4104: investigated: false @@ -19982,38 +19960,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - N/A - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: APEX Data Storage Services - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -20026,12 +19975,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patch in progress + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Atmos + product: Alienware On Screen Display cves: cve-2021-4104: investigated: false @@ -20061,7 +20010,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Azure Stack HCI + product: Alienware Update cves: cve-2021-4104: investigated: false @@ -20091,7 +20040,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CalMAN Powered Calibration Firmware + product: APEX Console cves: cve-2021-4104: investigated: false @@ -20101,9 +20050,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20116,12 +20065,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Cloud environment patched references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CalMAN Ready for Dell + product: APEX Data Storage Services cves: cve-2021-4104: investigated: false @@ -20129,11 +20078,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20146,12 +20094,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Cloud environment patch in progress references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Centera + product: Atmos cves: cve-2021-4104: investigated: false @@ -20181,7 +20129,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Chameleon Linux Based Diagnostics + product: Azure Stack HCI cves: cve-2021-4104: investigated: false @@ -20211,7 +20159,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Chassis Management Controller (CMC) + product: CalMAN Powered Calibration Firmware cves: cve-2021-4104: investigated: false @@ -20241,7 +20189,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: China HDD Deluxe + product: CalMAN Ready for Dell cves: cve-2021-4104: investigated: false @@ -20271,7 +20219,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Cloud IQ + product: Centera cves: cve-2021-4104: investigated: false @@ -20279,10 +20227,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -20295,12 +20244,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Cloud Mobility for Dell EMC Storage + product: Chameleon Linux Based Diagnostics cves: cve-2021-4104: investigated: false @@ -20330,7 +20279,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Cloud Tiering Appliance + product: Chassis Management Controller (CMC) cves: cve-2021-4104: investigated: false @@ -20360,7 +20309,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connectrix (Cisco MDS 9000 switches) + product: China HDD Deluxe cves: cve-2021-4104: investigated: false @@ -20390,7 +20339,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connectrix (Cisco MDS DCNM) + product: Cloud IQ cves: cve-2021-4104: investigated: false @@ -20414,72 +20363,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Connectrix B-Series SANnav - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 2.1.1 - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 3/31/2022 - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Connextrix B Series - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Cloud environment patched references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CyberSecIQ Application + product: Cloud Mobility for Dell EMC Storage cves: cve-2021-4104: investigated: false @@ -20509,7 +20398,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CyberSense for PowerProtect Cyber Recovery + product: Cloud Tiering Appliance cves: cve-2021-4104: investigated: false @@ -20539,37 +20428,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Data Domain OS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - Versions between 7.3.0.5 and 7.7.0.6;Versions before 7.6.0.30 - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-274 - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell BSAFE Crypto-C Micro Edition + product: Connectrix (Cisco MDS 9000 switches) cves: cve-2021-4104: investigated: false @@ -20599,7 +20458,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell BSAFE Crypto-J + product: Connectrix (Cisco MDS DCNM) cves: cve-2021-4104: investigated: false @@ -20607,11 +20466,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20624,12 +20482,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/23/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell BSAFE Micro Edition Suite + product: Connectrix B-Series SANnav cves: cve-2021-4104: investigated: false @@ -20638,10 +20496,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.1.1 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20654,12 +20512,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 3/31/2022 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Calibration Assistant + product: Connextrix B Series cves: cve-2021-4104: investigated: false @@ -20689,7 +20547,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Cinema Color + product: CyberSecIQ Application cves: cve-2021-4104: investigated: false @@ -20719,7 +20577,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Cloud Command Repository Manager + product: CyberSense for PowerProtect Cyber Recovery cves: cve-2021-4104: investigated: false @@ -20749,7 +20607,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Cloud Management Agent + product: Data Domain OS cves: cve-2021-4104: investigated: false @@ -20758,10 +20616,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions between 7.3.0.5 and 7.7.0.6;Versions before 7.6.0.30 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20774,12 +20632,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-274 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Color Management + product: Dell BSAFE Crypto-C Micro Edition cves: cve-2021-4104: investigated: false @@ -20809,7 +20667,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Configure + product: Dell BSAFE Crypto-J cves: cve-2021-4104: investigated: false @@ -20839,7 +20697,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Integration Suite for System Center + product: Dell BSAFE Micro Edition Suite cves: cve-2021-4104: investigated: false @@ -20869,7 +20727,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Intel vPro Out of Band + product: Dell Calibration Assistant cves: cve-2021-4104: investigated: false @@ -20899,7 +20757,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Monitor + product: Dell Cinema Color cves: cve-2021-4104: investigated: false @@ -20929,7 +20787,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Power Manager + product: Dell Cloud Command Repository Manager cves: cve-2021-4104: investigated: false @@ -20959,7 +20817,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command PowerShell Provider + product: Dell Cloud Management Agent cves: cve-2021-4104: investigated: false @@ -20989,7 +20847,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Update + product: Dell Color Management cves: cve-2021-4104: investigated: false @@ -21019,7 +20877,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Customer Connect + product: Dell Command Configure cves: cve-2021-4104: investigated: false @@ -21049,7 +20907,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Guardian* + product: Dell Command Integration Suite for System Center cves: cve-2021-4104: investigated: false @@ -21079,7 +20937,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Protection* + product: Dell Command Intel vPro Out of Band cves: cve-2021-4104: investigated: false @@ -21109,7 +20967,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Recovery Environment + product: Dell Command Monitor cves: cve-2021-4104: investigated: false @@ -21139,7 +20997,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Vault + product: Dell Command Power Manager cves: cve-2021-4104: investigated: false @@ -21169,7 +21027,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Vault for Chrome OS + product: Dell Command PowerShell Provider cves: cve-2021-4104: investigated: false @@ -21199,7 +21057,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Deployment Agent + product: Dell Command Update cves: cve-2021-4104: investigated: false @@ -21229,7 +21087,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Digital Delivery + product: Dell Customer Connect cves: cve-2021-4104: investigated: false @@ -21259,7 +21117,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Direct USB Key + product: Dell Data Guardian* cves: cve-2021-4104: investigated: false @@ -21289,7 +21147,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Display Manager 1.5 for Windows / macOS + product: Dell Data Protection* cves: cve-2021-4104: investigated: false @@ -21319,7 +21177,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Display Manager 2.0 for Windows / macOS + product: Dell Data Recovery Environment cves: cve-2021-4104: investigated: false @@ -21349,7 +21207,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC AppSync + product: Dell Data Vault cves: cve-2021-4104: investigated: false @@ -21379,7 +21237,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Avamar + product: Dell Data Vault for Chrome OS cves: cve-2021-4104: investigated: false @@ -21388,69 +21246,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"18.2 19.1 19.2 19.3 19.4"' - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC BSN Controller Node - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-305 - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Cloud Disaster Recovery - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: + unaffected_versions: - N/A - fixed_versions: [] - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21463,12 +21262,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Cloudboost + product: Dell Deployment Agent cves: cve-2021-4104: investigated: false @@ -21498,7 +21297,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC CloudLink + product: Dell Digital Delivery cves: cve-2021-4104: investigated: false @@ -21528,7 +21327,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Container Storage Modules + product: Dell Direct USB Key cves: cve-2021-4104: investigated: false @@ -21558,7 +21357,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Data Computing Appliance (DCA) + product: Dell Display Manager 1.5 for Windows / macOS cves: cve-2021-4104: investigated: false @@ -21588,7 +21387,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Data Protection Advisor + product: Dell Display Manager 2.0 for Windows / macOS cves: cve-2021-4104: investigated: false @@ -21618,66 +21417,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Data Protection Central - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021- 269 - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Data Protection Search - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - Versions before 19.5.0.7 - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-279 - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC DataIQ + product: Dell EMC AppSync cves: cve-2021-4104: investigated: false @@ -21707,7 +21447,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Disk Library for Mainframe + product: Dell EMC Avamar cves: cve-2021-4104: investigated: false @@ -21716,10 +21456,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"18.2 19.1 19.2 19.3 19.4"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21732,12 +21472,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC ECS + product: Dell EMC BSN Controller Node cves: cve-2021-4104: investigated: false @@ -21761,12 +21501,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + notes: See DSA-2021-305 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Enterprise Storage Analytics for vRealize Operations + product: Dell EMC Cloud Disaster Recovery cves: cve-2021-4104: investigated: false @@ -21776,7 +21516,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"<6.0.0 6.1.0 6.2.x"' + - N/A fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -21791,12 +21531,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-278 + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC GeoDrive + product: Dell EMC Cloudboost cves: cve-2021-4104: investigated: false @@ -21826,7 +21566,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Integrated System for Azure Stack HCI + product: Dell EMC CloudLink cves: cve-2021-4104: investigated: false @@ -21835,10 +21575,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - N/A + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -21851,16 +21591,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Dell EMC Integrated System for Azure Stack HCI is not impacted by this - advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect - Gateway (SCG) were optionally installed with Dell EMC Integrated System for - Azure Stack HCI monitor the following advisories. Apply workaround guidance - and remediations as they become [available:](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Integrated System for Microsoft Azure Stack Hub + product: Dell EMC Container Storage Modules cves: cve-2021-4104: investigated: false @@ -21869,10 +21605,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - N/A + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -21885,12 +21621,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Isilon InsightIQ + product: Dell EMC Data Computing Appliance (DCA) cves: cve-2021-4104: investigated: false @@ -21920,7 +21656,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC License Manager + product: Dell EMC Data Protection Advisor cves: cve-2021-4104: investigated: false @@ -21950,7 +21686,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Metro Node + product: Dell EMC Data Protection Central cves: cve-2021-4104: investigated: false @@ -21958,9 +21694,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 7.0.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -21975,12 +21710,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-308 + notes: See DSA-2021- 269 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC NetWorker Server + product: Dell EMC Data Protection Search cves: cve-2021-4104: investigated: false @@ -21990,7 +21725,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + - Versions before 19.5.0.7 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -22005,12 +21740,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: See DSA-2021-279 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC NetWorker Virtual Edition + product: Dell EMC DataIQ cves: cve-2021-4104: investigated: false @@ -22019,10 +21754,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -22035,12 +21770,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Networking Onie + product: Dell EMC Disk Library for Mainframe cves: cve-2021-4104: investigated: false @@ -22070,7 +21805,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Networking Virtual Edge Platform with VersaOS + product: Dell EMC ECS cves: cve-2021-4104: investigated: false @@ -22078,9 +21813,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '"with Versa Concerto with Versa Analytics with Versa Concero Director"' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -22095,12 +21829,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-304 + notes: Patch expected by 12/18/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Ansible Modules + product: Dell EMC Enterprise Storage Analytics for vRealize Operations cves: cve-2021-4104: investigated: false @@ -22109,10 +21843,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"<6.0.0 6.1.0 6.2.x"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22125,12 +21859,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-278 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage integration for Splunk + product: Dell EMC GeoDrive cves: cve-2021-4104: investigated: false @@ -22160,7 +21894,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Integration for VMware vCenter + product: Dell EMC Integrated System for Azure Stack HCI cves: cve-2021-4104: investigated: false @@ -22169,10 +21903,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - N/A + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22185,12 +21919,16 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: '"Dell EMC Integrated System for Azure Stack HCI is not impacted by this + advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect + Gateway (SCG) were optionally installed with Dell EMC Integrated System for + Azure Stack HCI monitor the following advisories. Apply workaround guidance + and remediations as they become [available:](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Management pack for vRealize Operations + product: Dell EMC Integrated System for Microsoft Azure Stack Hub cves: cve-2021-4104: investigated: false @@ -22199,10 +21937,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - N/A + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22215,13 +21953,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge - Manager + product: Dell EMC Isilon InsightIQ cves: cve-2021-4104: investigated: false @@ -22251,7 +21988,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerFlex Appliance + product: Dell EMC License Manager cves: cve-2021-4104: investigated: false @@ -22260,11 +21997,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"All versions up to Intelligent Catalog 38_356_00_r10.zip All versions - up to Intelligent Catalog 38_362_00_r7.zip"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -22277,12 +22013,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerFlex Rack + product: Dell EMC Metro Node cves: cve-2021-4104: investigated: false @@ -22292,7 +22028,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - N/A + - 7.0.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -22307,12 +22043,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-308 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerFlex Software (SDS) + product: Dell EMC NetWorker Server cves: cve-2021-4104: investigated: false @@ -22322,7 +22058,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"3.5 3.5.1 3.5.1.1 3.5.1.2 3.5.1.3 3.5.1.4 3.6 3.6.0.1 3.6.0.2"' + - '"19.5.x 19.4.x 19.3.x"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -22337,12 +22073,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: Patch expected by 12/20/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerPath + product: Dell EMC NetWorker Virtual Edition cves: cve-2021-4104: investigated: false @@ -22351,10 +22087,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"19.5.x 19.4.x 19.3.x"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22367,12 +22103,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerPath Management Appliance + product: Dell EMC Networking Onie cves: cve-2021-4104: investigated: false @@ -22402,7 +22138,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect Cyber Recovery + product: Dell EMC Networking Virtual Edge Platform with VersaOS cves: cve-2021-4104: investigated: false @@ -22411,10 +22147,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"with Versa Concerto with Versa Analytics with Versa Concero Director"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22427,12 +22163,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-304 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect Data Manager + product: Dell EMC OpenManage Ansible Modules cves: cve-2021-4104: investigated: false @@ -22441,10 +22177,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All versions 19.9 and earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -22457,12 +22193,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect DP Series Appliance (iDPA) + product: Dell EMC OpenManage integration for Splunk cves: cve-2021-4104: investigated: false @@ -22471,10 +22207,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.7.0 and earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -22487,12 +22223,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerScale OneFS + product: Dell EMC OpenManage Integration for VMware vCenter cves: cve-2021-4104: investigated: false @@ -22522,7 +22258,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for PowerMax + product: Dell EMC OpenManage Management pack for vRealize Operations cves: cve-2021-4104: investigated: false @@ -22552,7 +22288,8 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for Powerstore + product: Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge + Manager cves: cve-2021-4104: investigated: false @@ -22582,7 +22319,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for Unity + product: Dell EMC PowerFlex Appliance cves: cve-2021-4104: investigated: false @@ -22591,10 +22328,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"All versions up to Intelligent Catalog 38_356_00_r10.zip All versions + up to Intelligent Catalog 38_362_00_r7.zip"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22607,12 +22345,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerStore + product: Dell EMC PowerFlex Rack cves: cve-2021-4104: investigated: false @@ -22620,8 +22358,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - N/A fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -22636,12 +22375,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerVault MD3 Series Storage Arrays + product: Dell EMC PowerFlex Software (SDS) cves: cve-2021-4104: investigated: false @@ -22650,10 +22389,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"3.5 3.5.1 3.5.1.1 3.5.1.2 3.5.1.3 3.5.1.4 3.6 3.6.0.1 3.6.0.2"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22666,12 +22405,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerVault ME4 Series Storage Arrays + product: Dell EMC PowerPath cves: cve-2021-4104: investigated: false @@ -22701,7 +22440,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC RecoverPoint Classic + product: Dell EMC PowerPath Management Appliance cves: cve-2021-4104: investigated: false @@ -22710,10 +22449,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All 5.1.x and later versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -22726,12 +22465,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC RecoverPoint for Virtual Machine + product: Dell EMC PowerProtect Cyber Recovery cves: cve-2021-4104: investigated: false @@ -22740,10 +22479,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All 5.0.x and later versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -22756,12 +22495,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Repository Manager (DRM) + product: Dell EMC PowerProtect Data Manager cves: cve-2021-4104: investigated: false @@ -22770,10 +22509,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions 19.9 and earlier fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22786,12 +22525,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus SmartZone 100 Controller + product: Dell EMC PowerProtect DP Series Appliance (iDPA) cves: cve-2021-4104: investigated: false @@ -22799,8 +22538,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.7.0 and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -22815,12 +22555,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus SmartZone 300 Controller + product: Dell EMC PowerScale OneFS cves: cve-2021-4104: investigated: false @@ -22828,10 +22568,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -22844,12 +22585,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus Virtual Software + product: Dell EMC PowerShell for PowerMax cves: cve-2021-4104: investigated: false @@ -22857,10 +22598,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -22873,12 +22615,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC SourceOne + product: Dell EMC PowerShell for Powerstore cves: cve-2021-4104: investigated: false @@ -22908,7 +22650,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC SRM vApp + product: Dell EMC PowerShell for Unity cves: cve-2021-4104: investigated: false @@ -22917,10 +22659,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions before 4.6.0.2 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -22933,12 +22675,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/25/2022 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Streaming Data Platform + product: Dell EMC PowerStore cves: cve-2021-4104: investigated: false @@ -22962,12 +22704,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + notes: Patch expected by 12/23/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Systems Update (DSU) + product: Dell EMC PowerVault MD3 Series Storage Arrays cves: cve-2021-4104: investigated: false @@ -22997,7 +22739,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Unisphere 360 + product: Dell EMC PowerVault ME4 Series Storage Arrays cves: cve-2021-4104: investigated: false @@ -23027,7 +22769,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Unity + product: Dell EMC RecoverPoint Classic cves: cve-2021-4104: investigated: false @@ -23035,8 +22777,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All 5.1.x and later versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -23051,12 +22794,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/29/21 + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Virtual Storage Integrator + product: Dell EMC RecoverPoint for Virtual Machine cves: cve-2021-4104: investigated: false @@ -23065,10 +22808,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All 5.0.x and later versions fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23081,12 +22824,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC VPLEX + product: Dell EMC Repository Manager (DRM) cves: cve-2021-4104: investigated: false @@ -23116,7 +22859,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC VxRail + product: Dell EMC Ruckus SmartZone 100 Controller cves: cve-2021-4104: investigated: false @@ -23124,9 +22867,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '"4.5.x 4.7.x 7.0.x"' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -23141,12 +22883,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-303 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC XtremIO + product: Dell EMC Ruckus SmartZone 300 Controller cves: cve-2021-4104: investigated: false @@ -23154,11 +22896,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23171,12 +22912,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Encryption Enterprise* + product: Dell EMC Ruckus Virtual Software cves: cve-2021-4104: investigated: false @@ -23184,11 +22925,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23201,12 +22941,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Encryption Personal* + product: Dell EMC SourceOne cves: cve-2021-4104: investigated: false @@ -23236,7 +22976,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Endpoint Security Suite Enterprise* + product: Dell EMC SRM vApp cves: cve-2021-4104: investigated: false @@ -23245,10 +22985,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions before 4.6.0.2 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23261,12 +23001,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 1/25/2022 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Hybrid Client + product: Dell EMC Streaming Data Platform cves: cve-2021-4104: investigated: false @@ -23274,11 +23014,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23291,12 +23030,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/18/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell ImageAssist + product: Dell EMC Systems Update (DSU) cves: cve-2021-4104: investigated: false @@ -23326,7 +23065,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Insights Client + product: Dell EMC Unisphere 360 cves: cve-2021-4104: investigated: false @@ -23356,7 +23095,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Linux Assistant + product: Dell EMC Unity cves: cve-2021-4104: investigated: false @@ -23364,11 +23103,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23381,12 +23119,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/29/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Mobile Connect + product: Dell EMC Virtual Storage Integrator cves: cve-2021-4104: investigated: false @@ -23416,7 +23154,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Monitor ISP (Windows/Mac/Linux) + product: Dell EMC VPLEX cves: cve-2021-4104: investigated: false @@ -23446,7 +23184,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Monitor SDK + product: Dell EMC VxRail cves: cve-2021-4104: investigated: false @@ -23455,10 +23193,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"4.5.x 4.7.x 7.0.x"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23471,12 +23209,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Networking X-Series + product: Dell EMC XtremIO cves: cve-2021-4104: investigated: false @@ -23506,7 +23244,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Manage Mobile + product: Dell Encryption Enterprise* cves: cve-2021-4104: investigated: false @@ -23536,7 +23274,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Manage Server Administrator + product: Dell Encryption Personal* cves: cve-2021-4104: investigated: false @@ -23566,37 +23304,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Management Enterprise - Modular - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - <1.40.10 - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-268 - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell OpenManage Change Management + product: Dell Endpoint Security Suite Enterprise* cves: cve-2021-4104: investigated: false @@ -23626,7 +23334,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Enterprise Power Manager Plugin + product: Dell Hybrid Client cves: cve-2021-4104: investigated: false @@ -23656,7 +23364,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Optimizer + product: Dell ImageAssist cves: cve-2021-4104: investigated: false @@ -23686,7 +23394,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OS Recovery Tool + product: Dell Insights Client cves: cve-2021-4104: investigated: false @@ -23716,7 +23424,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Peripheral Manager 1.4 / 1.5 for Windows + product: Dell Linux Assistant cves: cve-2021-4104: investigated: false @@ -23746,7 +23454,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Platform Service + product: Dell Mobile Connect cves: cve-2021-4104: investigated: false @@ -23776,7 +23484,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Power Manager + product: Dell Monitor ISP (Windows/Mac/Linux) cves: cve-2021-4104: investigated: false @@ -23806,7 +23514,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Power Manager Lite + product: Dell Monitor SDK cves: cve-2021-4104: investigated: false @@ -23836,7 +23544,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Precision Optimizer + product: Dell Networking X-Series cves: cve-2021-4104: investigated: false @@ -23866,7 +23574,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Precision Optimizer for Linux + product: Dell Open Manage Mobile cves: cve-2021-4104: investigated: false @@ -23896,7 +23604,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Premier Color + product: Dell Open Manage Server Administrator cves: cve-2021-4104: investigated: false @@ -23926,7 +23634,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Recovery (Linux) + product: Dell Open Management Enterprise - Modular cves: cve-2021-4104: investigated: false @@ -23935,10 +23643,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <1.40.10 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23951,12 +23659,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-268 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Remediation Platform + product: Dell OpenManage Change Management cves: cve-2021-4104: investigated: false @@ -23986,7 +23694,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Remote Execution Engine (DRONE) + product: Dell OpenManage Enterprise Power Manager Plugin cves: cve-2021-4104: investigated: false @@ -24016,7 +23724,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Security Advisory Update - DSA-2021-088 + product: Dell Optimizer cves: cve-2021-4104: investigated: false @@ -24046,7 +23754,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Security Management Server & Dell Security Management Server Virtual* + product: Dell OS Recovery Tool cves: cve-2021-4104: investigated: false @@ -24076,7 +23784,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell SupportAssist SOS + product: Dell Peripheral Manager 1.4 / 1.5 for Windows cves: cve-2021-4104: investigated: false @@ -24106,7 +23814,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Thin OS + product: Dell Platform Service cves: cve-2021-4104: investigated: false @@ -24136,7 +23844,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Threat Defense + product: Dell Power Manager cves: cve-2021-4104: investigated: false @@ -24166,7 +23874,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell True Color + product: Dell Power Manager Lite cves: cve-2021-4104: investigated: false @@ -24196,7 +23904,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Trusted Device + product: Dell Precision Optimizer cves: cve-2021-4104: investigated: false @@ -24226,7 +23934,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Update + product: Dell Precision Optimizer for Linux cves: cve-2021-4104: investigated: false @@ -24256,36 +23964,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DellEMC OpenManage Enterprise Services - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dream Catcher + product: Dell Premier Color cves: cve-2021-4104: investigated: false @@ -24315,7 +23994,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DUP Creation Service + product: Dell Recovery (Linux) cves: cve-2021-4104: investigated: false @@ -24345,7 +24024,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DUP Framework (ISG) + product: Dell Remediation Platform cves: cve-2021-4104: investigated: false @@ -24375,7 +24054,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Embedded NAS + product: Dell Remote Execution Engine (DRONE) cves: cve-2021-4104: investigated: false @@ -24405,7 +24084,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Embedded Service Enabler + product: Dell Security Advisory Update - DSA-2021-088 cves: cve-2021-4104: investigated: false @@ -24435,7 +24114,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Enterprise Hybrid Cloud + product: Dell Security Management Server & Dell Security Management Server Virtual* cves: cve-2021-4104: investigated: false @@ -24443,10 +24122,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -24459,12 +24139,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '[link](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Equallogic PS + product: Dell SupportAssist SOS cves: cve-2021-4104: investigated: false @@ -24494,7 +24174,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Fluid FS + product: Dell Thin OS cves: cve-2021-4104: investigated: false @@ -24524,7 +24204,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: iDRAC Service Module (iSM) + product: Dell Threat Defense cves: cve-2021-4104: investigated: false @@ -24554,7 +24234,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Infinity MLK (firmware) + product: Dell True Color cves: cve-2021-4104: investigated: false @@ -24584,7 +24264,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Integrated Dell Remote Access Controller (iDRAC) + product: Dell Trusted Device cves: cve-2021-4104: investigated: false @@ -24614,7 +24294,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ISG Accelerators + product: Dell Update cves: cve-2021-4104: investigated: false @@ -24644,7 +24324,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ISG Board & Electrical + product: DellEMC OpenManage Enterprise Services cves: cve-2021-4104: investigated: false @@ -24652,11 +24332,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -24669,12 +24348,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: IsilonSD Management Server + product: Dream Catcher cves: cve-2021-4104: investigated: false @@ -24704,7 +24383,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: IVE-WinDiag + product: DUP Creation Service cves: cve-2021-4104: investigated: false @@ -24734,7 +24413,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Mainframe Enablers + product: DUP Framework (ISG) cves: cve-2021-4104: investigated: false @@ -24764,7 +24443,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: My Dell + product: Embedded NAS cves: cve-2021-4104: investigated: false @@ -24794,7 +24473,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: MyDell Mobile + product: Embedded Service Enabler cves: cve-2021-4104: investigated: false @@ -24824,7 +24503,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: NetWorker Management Console + product: Enterprise Hybrid Cloud cves: cve-2021-4104: investigated: false @@ -24832,11 +24511,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -24849,12 +24527,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: '[link](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking BIOS + product: Equallogic PS cves: cve-2021-4104: investigated: false @@ -24884,7 +24562,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking DIAG + product: Fluid FS cves: cve-2021-4104: investigated: false @@ -24914,7 +24592,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking N-Series + product: iDRAC Service Module (iSM) cves: cve-2021-4104: investigated: false @@ -24944,7 +24622,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking OS 10 + product: Infinity MLK (firmware) cves: cve-2021-4104: investigated: false @@ -24974,7 +24652,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking OS9 + product: Integrated Dell Remote Access Controller (iDRAC) cves: cve-2021-4104: investigated: false @@ -25004,7 +24682,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking SD-WAN Edge SD-WAN + product: ISG Accelerators cves: cve-2021-4104: investigated: false @@ -25034,7 +24712,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking W-Series + product: ISG Board & Electrical cves: cve-2021-4104: investigated: false @@ -25064,7 +24742,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking X-Series + product: IsilonSD Management Server cves: cve-2021-4104: investigated: false @@ -25094,7 +24772,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OMIMSSC (OpenManage Integration for Microsoft System Center) + product: IVE-WinDiag cves: cve-2021-4104: investigated: false @@ -25124,7 +24802,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OMNIA + product: Mainframe Enablers cves: cve-2021-4104: investigated: false @@ -25154,7 +24832,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Connections - Nagios + product: My Dell cves: cve-2021-4104: investigated: false @@ -25184,7 +24862,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Connections - ServiceNow + product: MyDell Mobile cves: cve-2021-4104: investigated: false @@ -25214,7 +24892,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Enterprise + product: NetWorker Management Console cves: cve-2021-4104: investigated: false @@ -25222,10 +24900,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25238,13 +24917,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Integration for Microsoft System Center for System Center - Operations Manager + product: Networking BIOS cves: cve-2021-4104: investigated: false @@ -25274,7 +24952,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Integration with Microsoft Windows Admin Center + product: Networking DIAG cves: cve-2021-4104: investigated: false @@ -25304,7 +24982,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Network Integration + product: Networking N-Series cves: cve-2021-4104: investigated: false @@ -25334,7 +25012,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect N3200 + product: Networking OS 10 cves: cve-2021-4104: investigated: false @@ -25364,7 +25042,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect PC2800 + product: Networking OS9 cves: cve-2021-4104: investigated: false @@ -25394,7 +25072,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect PC8100 + product: Networking SD-WAN Edge SD-WAN cves: cve-2021-4104: investigated: false @@ -25424,7 +25102,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerEdge BIOS + product: Networking W-Series cves: cve-2021-4104: investigated: false @@ -25454,7 +25132,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerEdge Operating Systems + product: Networking X-Series cves: cve-2021-4104: investigated: false @@ -25484,7 +25162,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerTools Agent + product: OMIMSSC (OpenManage Integration for Microsoft System Center) cves: cve-2021-4104: investigated: false @@ -25514,7 +25192,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PPDM Kubernetes cProxy + product: OMNIA cves: cve-2021-4104: investigated: false @@ -25544,7 +25222,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PPDM VMware vProxy + product: OpenManage Connections - Nagios cves: cve-2021-4104: investigated: false @@ -25574,7 +25252,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Redtail + product: OpenManage Connections - ServiceNow cves: cve-2021-4104: investigated: false @@ -25604,7 +25282,37 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Remotely Anywhere + product: OpenManage Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/19/21 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: OpenManage Integration for Microsoft System Center for System Center + Operations Manager cves: cve-2021-4104: investigated: false @@ -25634,7 +25342,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Riptide (firmware) + product: OpenManage Integration with Microsoft Windows Admin Center cves: cve-2021-4104: investigated: false @@ -25664,7 +25372,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Rugged Control Center (RCC) + product: OpenManage Network Integration cves: cve-2021-4104: investigated: false @@ -25694,7 +25402,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SD ROM Utility + product: PowerConnect N3200 cves: cve-2021-4104: investigated: false @@ -25724,7 +25432,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SDNAS + product: PowerConnect PC2800 cves: cve-2021-4104: investigated: false @@ -25754,7 +25462,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Secure Connect Gateway (SCG) Appliance + product: PowerConnect PC8100 cves: cve-2021-4104: investigated: false @@ -25763,10 +25471,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"5.00.00 5.00.05 and 4.0.06 and earlier versions (OVF and VHD)"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25779,12 +25487,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-282 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Secure Connect Gateway (SCG) Policy Manager + product: PowerEdge BIOS cves: cve-2021-4104: investigated: false @@ -25793,10 +25501,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"5.00.00.10 5.00.05.10"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25809,12 +25517,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-281 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Server Storage + product: PowerEdge Operating Systems cves: cve-2021-4104: investigated: false @@ -25844,7 +25552,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Smart Fabric Storage Software + product: PowerTools Agent cves: cve-2021-4104: investigated: false @@ -25874,7 +25582,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SmartByte + product: PPDM Kubernetes cProxy cves: cve-2021-4104: investigated: false @@ -25904,7 +25612,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SMI-S + product: PPDM VMware vProxy cves: cve-2021-4104: investigated: false @@ -25934,7 +25642,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Software RAID + product: Redtail cves: cve-2021-4104: investigated: false @@ -25964,7 +25672,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Solutions Enabler + product: Remotely Anywhere cves: cve-2021-4104: investigated: false @@ -25994,7 +25702,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Solutions Enabler vApp + product: Riptide (firmware) cves: cve-2021-4104: investigated: false @@ -26024,7 +25732,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Sonic + product: Rugged Control Center (RCC) cves: cve-2021-4104: investigated: false @@ -26054,7 +25762,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SRS Policy Manager + product: SD ROM Utility cves: cve-2021-4104: investigated: false @@ -26063,10 +25771,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '7' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26079,12 +25787,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SRS VE + product: SDNAS cves: cve-2021-4104: investigated: false @@ -26114,7 +25822,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Storage Center - Dell Storage Manager + product: Secure Connect Gateway (SCG) Appliance cves: cve-2021-4104: investigated: false @@ -26122,8 +25830,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '"5.00.00 5.00.05 and 4.0.06 and earlier versions (OVF and VHD)"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26138,12 +25847,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-282 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Storage Center OS and additional SC applications unless otherwise noted + product: Secure Connect Gateway (SCG) Policy Manager cves: cve-2021-4104: investigated: false @@ -26152,10 +25861,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"5.00.00.10 5.00.05.10"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -26168,12 +25877,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-281 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SupportAssist Client Commercial + product: Server Storage cves: cve-2021-4104: investigated: false @@ -26203,7 +25912,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SupportAssist Client Consumer + product: Smart Fabric Storage Software cves: cve-2021-4104: investigated: false @@ -26233,7 +25942,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SupportAssist Enterprise + product: SmartByte cves: cve-2021-4104: investigated: false @@ -26241,10 +25950,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26257,12 +25967,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: UCC Edge + product: SMI-S cves: cve-2021-4104: investigated: false @@ -26292,7 +26002,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere Central + product: Software RAID cves: cve-2021-4104: investigated: false @@ -26300,10 +26010,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26316,12 +26027,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/10/2022 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for PowerMax + product: Solutions Enabler cves: cve-2021-4104: investigated: false @@ -26351,7 +26062,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for PowerMax vApp + product: Solutions Enabler vApp cves: cve-2021-4104: investigated: false @@ -26381,7 +26092,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for VMAX + product: Sonic cves: cve-2021-4104: investigated: false @@ -26411,7 +26122,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for VNX + product: SRS Policy Manager cves: cve-2021-4104: investigated: false @@ -26420,10 +26131,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '7' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -26436,12 +26147,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Update Manager Plugin + product: SRS VE cves: cve-2021-4104: investigated: false @@ -26471,7 +26182,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Vblock + product: Storage Center - Dell Storage Manager cves: cve-2021-4104: investigated: false @@ -26495,12 +26206,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending See vce6771 (requires customer login) + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ViPR Controller + product: Storage Center OS and additional SC applications unless otherwise noted cves: cve-2021-4104: investigated: false @@ -26530,7 +26241,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VMware vRealize Automation 8.x + product: SupportAssist Client Commercial cves: cve-2021-4104: investigated: false @@ -26539,10 +26250,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26555,12 +26266,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VMware vRealize Orchestrator 8.x + product: SupportAssist Client Consumer cves: cve-2021-4104: investigated: false @@ -26569,10 +26280,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26585,12 +26296,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNX1 + product: SupportAssist Enterprise cves: cve-2021-4104: investigated: false @@ -26598,11 +26309,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -26615,12 +26325,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/23/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNX2 + product: UCC Edge cves: cve-2021-4104: investigated: false @@ -26650,7 +26360,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNXe 1600 + product: Unisphere Central cves: cve-2021-4104: investigated: false @@ -26658,9 +26368,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Versions 3.1.16.10220572 and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26675,12 +26384,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: Patch expected by 1/10/2022 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNXe 3200 + product: Unisphere for PowerMax cves: cve-2021-4104: investigated: false @@ -26689,10 +26398,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 3.1.15.10216415 and earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26705,12 +26414,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VPLEX VS2/VS6 / VPLEX Witness + product: Unisphere for PowerMax vApp cves: cve-2021-4104: investigated: false @@ -26740,7 +26449,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRealize Data Protection Extension Data Management + product: Unisphere for VMAX cves: cve-2021-4104: investigated: false @@ -26748,10 +26457,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26764,12 +26474,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRealize Data Protection Extension for vRealize Automation (vRA) 8.x + product: Unisphere for VNX cves: cve-2021-4104: investigated: false @@ -26778,10 +26488,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"version 19.6 version 19.7 version 19.8 and version 19.9"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26794,12 +26504,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage + product: Update Manager Plugin cves: cve-2021-4104: investigated: false @@ -26808,10 +26518,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Various + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26824,12 +26534,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRO Plugin for Dell EMC PowerMax + product: Vblock cves: cve-2021-4104: investigated: false @@ -26837,9 +26547,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Version 1.2.3 or earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26854,12 +26563,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: Patch pending See vce6771 (requires customer login) references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRO Plugin for Dell EMC PowerScale + product: ViPR Controller cves: cve-2021-4104: investigated: false @@ -26868,10 +26577,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 1.1.0 or earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26884,12 +26593,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRO Plugin for Dell EMC PowerStore + product: VMware vRealize Automation 8.x cves: cve-2021-4104: investigated: false @@ -26899,7 +26608,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Version 1.1.4 or earlier + - '"8.2 8.3 8.4 8.5 and 8.6"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26914,12 +26623,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRO Plugin for Dell EMC Unity + product: VMware vRealize Orchestrator 8.x cves: cve-2021-4104: investigated: false @@ -26929,7 +26638,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Version 1.0.6 or earlier + - '"8.2 8.3 8.4 8.5 and 8.6"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26944,12 +26653,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRO Plugin for Dell EMC XtremIO + product: VNX1 cves: cve-2021-4104: investigated: false @@ -26958,10 +26667,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 4.1.2 or earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26974,12 +26683,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Vsan Ready Nodes + product: VNX2 cves: cve-2021-4104: investigated: false @@ -27009,7 +26718,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VxBlock + product: VNXe 1600 cves: cve-2021-4104: investigated: false @@ -27017,10 +26726,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - Versions 3.1.16.10220572 and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/19/21 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VNXe 3200 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Version 3.1.15.10216415 and earlier + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -27033,12 +26773,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Patch pending See vce6771 (requires customer login) "' + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Warnado MLK (firmware) + product: VPLEX VS2/VS6 / VPLEX Witness cves: cve-2021-4104: investigated: false @@ -27068,7 +26808,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Wyse Management Suite + product: vRealize Data Protection Extension Data Management cves: cve-2021-4104: investigated: false @@ -27076,9 +26816,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <3.5 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -27093,12 +26832,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-267 + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Wyse Proprietary OS (ThinOS) + product: vRealize Data Protection Extension for vRealize Automation (vRA) 8.x cves: cve-2021-4104: investigated: false @@ -27107,10 +26846,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"version 19.6 version 19.7 version 19.8 and version 19.9"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -27123,12 +26862,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Wyse Windows Embedded Suite + product: vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage cves: cve-2021-4104: investigated: false @@ -27137,10 +26876,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Various fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -27153,12 +26892,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-300 references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Deltares - product: Delft-FEWS + - vendor: Dell + product: vRO Plugin for Dell EMC PowerMax cves: cve-2021-4104: investigated: false @@ -27167,9 +26906,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - '>2018.02' + affected_versions: + - Version 1.2.3 or earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -27182,13 +26921,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://publicwiki.deltares.nl/display/FEWSDOC/Delft-FEWS+and+Log4J+vulnerability - notes: Mitigations Only + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-300 references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Denequa - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRO Plugin for Dell EMC PowerScale cves: cve-2021-4104: investigated: false @@ -27196,8 +26935,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Version 1.1.0 or earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -27211,13 +26951,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://denequa.de/log4j-information.html - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-300 references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Device42 - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRO Plugin for Dell EMC PowerStore cves: cve-2021-4104: investigated: false @@ -27225,8 +26965,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Version 1.1.4 or earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -27240,13 +26981,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.device42.com/2021/12/13/log4j-zero-day/ - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-300 references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Devolutions - product: All products + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRO Plugin for Dell EMC Unity cves: cve-2021-4104: investigated: false @@ -27254,8 +26995,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Version 1.0.6 or earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -27269,13 +27011,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/ - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-300 references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Diebold Nixdorf - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRO Plugin for Dell EMC XtremIO cves: cve-2021-4104: investigated: false @@ -27283,10 +27025,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - Version 4.1.2 or earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-300 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Vsan Ready Nodes + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -27298,13 +27071,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dieboldnixdorf.com/en-us/apache + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Digi International - product: AnywhereUSB Manager + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VxBlock cves: cve-2021-4104: investigated: false @@ -27327,13 +27100,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '"Patch pending See vce6771 (requires customer login) "' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Warnado MLK (firmware) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - N/A + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: ARMT + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Wyse Management Suite cves: cve-2021-4104: investigated: false @@ -27341,10 +27144,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - <3.5 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-267 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Wyse Proprietary OS (ThinOS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -27356,13 +27190,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Aview + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Wyse Windows Embedded Suite cves: cve-2021-4104: investigated: false @@ -27370,10 +27204,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - N/A + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Deltares + product: Delft-FEWS + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>2018.02' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -27385,13 +27250,42 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://publicwiki.deltares.nl/display/FEWSDOC/Delft-FEWS+and+Log4J+vulnerability + notes: Mitigations Only + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Denequa + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://denequa.de/log4j-information.html notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: AVWOB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Device42 + product: '' cves: cve-2021-4104: investigated: false @@ -27414,13 +27308,71 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://blog.device42.com/2021/12/13/log4j-zero-day/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Devolutions + product: All products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Diebold Nixdorf + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dieboldnixdorf.com/en-us/apache + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Digi International - product: CTEK G6200 family + product: AnywhereUSB Manager cves: cve-2021-4104: investigated: false @@ -27449,7 +27401,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: CTEK SkyCloud + product: ARMT cves: cve-2021-4104: investigated: false @@ -27478,7 +27430,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: CTEK Z45 family + product: Aview cves: cve-2021-4104: investigated: false @@ -27507,7 +27459,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi 54xx family + product: AVWOB cves: cve-2021-4104: investigated: false @@ -27536,7 +27488,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi 63xx family + product: CTEK G6200 family cves: cve-2021-4104: investigated: false @@ -27565,7 +27517,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi AnywhereUSB (G2) family + product: CTEK SkyCloud cves: cve-2021-4104: investigated: false @@ -27594,7 +27546,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi AnywhereUSB Plus family + product: CTEK Z45 family cves: cve-2021-4104: investigated: false @@ -27623,7 +27575,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect EZ family + product: Digi 54xx family cves: cve-2021-4104: investigated: false @@ -27652,7 +27604,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect family + product: Digi 63xx family cves: cve-2021-4104: investigated: false @@ -27681,7 +27633,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect IT family + product: Digi AnywhereUSB (G2) family cves: cve-2021-4104: investigated: false @@ -27710,7 +27662,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect Sensor family + product: Digi AnywhereUSB Plus family cves: cve-2021-4104: investigated: false @@ -27739,7 +27691,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect WS family + product: Digi Connect EZ family cves: cve-2021-4104: investigated: false @@ -27768,7 +27720,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi ConnectPort family + product: Digi Connect family cves: cve-2021-4104: investigated: false @@ -27797,7 +27749,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi ConnectPort LTS family + product: Digi Connect IT family cves: cve-2021-4104: investigated: false @@ -27826,7 +27778,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Embedded Android + product: Digi Connect Sensor family cves: cve-2021-4104: investigated: false @@ -27855,7 +27807,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Embedded Yocto + product: Digi Connect WS family cves: cve-2021-4104: investigated: false @@ -27884,7 +27836,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi EX routers + product: Digi ConnectPort family cves: cve-2021-4104: investigated: false @@ -27913,7 +27865,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi IX routers + product: Digi ConnectPort LTS family cves: cve-2021-4104: investigated: false @@ -27942,7 +27894,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi LR54 + product: Digi Embedded Android cves: cve-2021-4104: investigated: false @@ -27971,7 +27923,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Navigator + product: Digi Embedded Yocto cves: cve-2021-4104: investigated: false @@ -28000,7 +27952,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi One family + product: Digi EX routers cves: cve-2021-4104: investigated: false @@ -28029,7 +27981,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Passport family + product: Digi IX routers cves: cve-2021-4104: investigated: false @@ -28058,7 +28010,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi PortServer TS family + product: Digi LR54 cves: cve-2021-4104: investigated: false @@ -28087,7 +28039,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Remote Manager + product: Digi Navigator cves: cve-2021-4104: investigated: false @@ -28116,7 +28068,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi TX routers + product: Digi One family cves: cve-2021-4104: investigated: false @@ -28145,7 +28097,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR11 + product: Digi Passport family cves: cve-2021-4104: investigated: false @@ -28174,7 +28126,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR21 + product: Digi PortServer TS family cves: cve-2021-4104: investigated: false @@ -28203,7 +28155,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR31 + product: Digi Remote Manager cves: cve-2021-4104: investigated: false @@ -28232,7 +28184,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR44R/RR + product: Digi TX routers cves: cve-2021-4104: investigated: false @@ -28261,7 +28213,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR54 + product: Digi WR11 cves: cve-2021-4104: investigated: false @@ -28290,7 +28242,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR64 + product: Digi WR21 cves: cve-2021-4104: investigated: false @@ -28319,7 +28271,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Xbee mobile app + product: Digi WR31 cves: cve-2021-4104: investigated: false @@ -28348,7 +28300,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Lighthouse + product: Digi WR44R/RR cves: cve-2021-4104: investigated: false @@ -28377,7 +28329,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Realport + product: Digi WR54 cves: cve-2021-4104: investigated: false @@ -28406,7 +28358,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Remote Hub Config Utility + product: Digi WR64 cves: cve-2021-4104: investigated: false @@ -28434,8 +28386,8 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Digicert - product: '' + - vendor: Digi International + product: Digi Xbee mobile app cves: cve-2021-4104: investigated: false @@ -28458,13 +28410,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.digicert.com/alerts/digicert-log4j-response.html + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Digital AI - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Lighthouse cves: cve-2021-4104: investigated: false @@ -28487,13 +28439,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.digital.ai/hc/en-us/articles/4412377686674-Log4J-Vulnerability-to-Zero-Day-Exploit-and-Digital-ai#overview-0-1 + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Digital Alert Systems - product: All + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Realport cves: cve-2021-4104: investigated: false @@ -28516,13 +28468,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digitalalertsystems.com/default-2.htm - notes: Formerly Monroe Electronics, Inc. + - https://www.digi.com/resources/security + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: DNSFilter - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Remote Hub Config Utility cves: cve-2021-4104: investigated: false @@ -28545,12 +28497,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dnsfilter.com/blog/dnsfilter-response-to-log4j-vulnerability + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Docker + last_updated: '2021-12-21T00:00:00' + - vendor: Digicert product: '' cves: cve-2021-4104: @@ -28574,12 +28526,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ + - https://knowledge.digicert.com/alerts/digicert-log4j-response.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Docusign + - vendor: Digital AI product: '' cves: cve-2021-4104: @@ -28603,14 +28555,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability + - https://support.digital.ai/hc/en-us/articles/4412377686674-Log4J-Vulnerability-to-Zero-Day-Exploit-and-Digital-ai#overview-0-1 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: DrayTek - product: Vigor Routers, Access Points, Switches, VigorACS Central Management Software, - MyVigor Platform + - vendor: Digital Alert Systems + product: All cves: cve-2021-4104: investigated: false @@ -28633,12 +28584,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/ - notes: '' + - https://www.digitalalertsystems.com/default-2.htm + notes: Formerly Monroe Electronics, Inc. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: DSpace + last_updated: '2022-01-05T00:00:00' + - vendor: DNSFilter product: '' cves: cve-2021-4104: @@ -28662,13 +28613,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://groups.google.com/g/dspace-community/c/Fa4VdjiiNyE + - https://www.dnsfilter.com/blog/dnsfilter-response-to-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Dynatrace - product: ActiveGate + - vendor: Docker + product: '' cves: cve-2021-4104: investigated: false @@ -28691,13 +28642,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + - https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: Dynatrace Extensions + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Docusign + product: '' cves: cve-2021-4104: investigated: false @@ -28720,13 +28671,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: Please see Dynatrace Communication for details + - https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: FedRamp SAAS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: DrayTek + product: Vigor Routers, Access Points, Switches, VigorACS Central Management Software, + MyVigor Platform cves: cve-2021-4104: investigated: false @@ -28749,13 +28701,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + - https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: Managed cluster nodes + last_updated: '2021-12-15T00:00:00' + - vendor: DSpace + product: '' cves: cve-2021-4104: investigated: false @@ -28778,13 +28730,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: Please see Dynatrace Communication for details + - https://groups.google.com/g/dspace-community/c/Fa4VdjiiNyE + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dynatrace - product: OneAgent + product: ActiveGate cves: cve-2021-4104: investigated: false @@ -28813,7 +28765,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: SAAS + product: Dynatrace Extensions cves: cve-2021-4104: investigated: false @@ -28837,12 +28789,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: '' + notes: Please see Dynatrace Communication for details references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: Synthetic Private ActiveGate + product: FedRamp SAAS cves: cve-2021-4104: investigated: false @@ -28866,12 +28818,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: Please see Dynatrace Communication for details + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: Synthetic public locations + product: Managed cluster nodes cves: cve-2021-4104: investigated: false @@ -28895,12 +28847,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: '' + notes: Please see Dynatrace Communication for details references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: EasyRedmine - product: '' + - vendor: Dynatrace + product: OneAgent cves: cve-2021-4104: investigated: false @@ -28923,45 +28875,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.easyredmine.com/news/easy-redmine-application-is-not-affected-by-the-vulnerability-cve-2021-44228 + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Eaton - product: Undisclosed - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - Undisclosed - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf - notes: Doesn't openly disclose what products are affected or not for quote 'security - purposes'. Needs email registration. No workaround provided due to registration - wall. - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: EclecticIQ - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: SAAS cves: cve-2021-4104: investigated: false @@ -28984,13 +28904,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2 + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Eclipse Foundation - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: Synthetic Private ActiveGate cves: cve-2021-4104: investigated: false @@ -29013,13 +28933,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://wiki.eclipse.org/Eclipse_and_log4j2_vulnerability_(CVE-2021-44228) - notes: '' + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + notes: Please see Dynatrace Communication for details references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Edwards - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: Synthetic public locations cves: cve-2021-4104: investigated: false @@ -29042,12 +28962,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.edwards.com/devices/support/product-security + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: EFI + last_updated: '2021-12-21T00:00:00' + - vendor: EasyRedmine product: '' cves: cve-2021-4104: @@ -29071,13 +28991,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://communities.efi.com/s/article/Are-Fiery-Servers-vulnerable-to-CVE-2021-44228-Apache-Log4j2?language=en_US + - https://www.easyredmine.com/news/easy-redmine-application-is-not-affected-by-the-vulnerability-cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: EGroupware - product: '' + - vendor: Eaton + product: Undisclosed cves: cve-2021-4104: investigated: false @@ -29085,8 +29005,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Undisclosed fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -29100,13 +29021,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.egroupware.org/t/uk-de-statement-log4j-log4shell/76430 - notes: '' + - https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf + notes: Doesn't openly disclose what products are affected or not for quote 'security + purposes'. Needs email registration. No workaround provided due to registration + wall. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Elastic - product: APM Java Agent + - vendor: EclecticIQ + product: '' cves: cve-2021-4104: investigated: false @@ -29129,13 +29052,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: APM Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Eclipse Foundation + product: '' cves: cve-2021-4104: investigated: false @@ -29158,13 +29081,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://wiki.eclipse.org/Eclipse_and_log4j2_vulnerability_(CVE-2021-44228) notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Beats + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Edwards + product: '' cves: cve-2021-4104: investigated: false @@ -29187,13 +29110,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.edwards.com/devices/support/product-security notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Cmd + last_updated: '2022-01-06T00:00:00' + - vendor: EFI + product: '' cves: cve-2021-4104: investigated: false @@ -29216,13 +29139,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://communities.efi.com/s/article/Are-Fiery-Servers-vulnerable-to-CVE-2021-44228-Apache-Log4j2?language=en_US notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elastic Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: EGroupware + product: '' cves: cve-2021-4104: investigated: false @@ -29245,13 +29168,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://help.egroupware.org/t/uk-de-statement-log4j-log4shell/76430 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Elastic - product: Elastic Cloud + product: APM Java Agent cves: cve-2021-4104: investigated: false @@ -29280,7 +29203,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Cloud Enterprise + product: APM Server cves: cve-2021-4104: investigated: false @@ -29309,7 +29232,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Cloud Enterprise + product: Beats cves: cve-2021-4104: investigated: false @@ -29338,7 +29261,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Cloud on Kubernetes + product: Cmd cves: cve-2021-4104: investigated: false @@ -29367,7 +29290,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Endgame + product: Elastic Agent cves: cve-2021-4104: investigated: false @@ -29396,7 +29319,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Maps Service + product: Elastic Cloud cves: cve-2021-4104: investigated: false @@ -29425,7 +29348,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elasticsearch + product: Elastic Cloud Enterprise cves: cve-2021-4104: investigated: false @@ -29433,11 +29356,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '5' - - '6' - - '8' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -29457,7 +29377,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Endpoint Security + product: Elastic Cloud Enterprise cves: cve-2021-4104: investigated: false @@ -29486,7 +29406,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Enterprise Search + product: Elastic Cloud on Kubernetes cves: cve-2021-4104: investigated: false @@ -29515,7 +29435,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Fleet Server + product: Elastic Endgame cves: cve-2021-4104: investigated: false @@ -29544,7 +29464,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Kibana + product: Elastic Maps Service cves: cve-2021-4104: investigated: false @@ -29573,7 +29493,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Logstash + product: Elasticsearch cves: cve-2021-4104: investigated: false @@ -29583,8 +29503,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - <6.8.21 - - <7.16.1 + - '5' + - '6' + - '8' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -29604,7 +29525,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Machine Learning + product: Endpoint Security cves: cve-2021-4104: investigated: false @@ -29633,7 +29554,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Swiftype + product: Enterprise Search cves: cve-2021-4104: investigated: false @@ -29661,8 +29582,8 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: ElasticSearch - product: all products + - vendor: Elastic + product: Fleet Server cves: cve-2021-4104: investigated: false @@ -29684,13 +29605,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ellucian - product: Admin + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Kibana cves: cve-2021-4104: investigated: false @@ -29713,13 +29635,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Analytics + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Logstash cves: cve-2021-4104: investigated: false @@ -29727,8 +29649,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <6.8.21 + - <7.16.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -29742,13 +29666,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Document Management (includes Banner Document Retention) + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Machine Learning cves: cve-2021-4104: investigated: false @@ -29771,13 +29695,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Event Publisher + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Swiftype cves: cve-2021-4104: investigated: false @@ -29800,13 +29724,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Integration for eLearning + last_updated: '2021-12-15T00:00:00' + - vendor: ElasticSearch + product: all products cves: cve-2021-4104: investigated: false @@ -29828,14 +29752,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ellucian - product: Banner Integration for eProcurement + product: Admin cves: cve-2021-4104: investigated: false @@ -29864,7 +29787,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Banner Self Service + product: Banner Analytics cves: cve-2021-4104: investigated: false @@ -29893,7 +29816,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Banner Workflow + product: Banner Document Management (includes Banner Document Retention) cves: cve-2021-4104: investigated: false @@ -29922,7 +29845,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Colleague + product: Banner Event Publisher cves: cve-2021-4104: investigated: false @@ -29946,12 +29869,12 @@ software: unaffected_versions: [] vendor_links: - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: On-prem and cloud deployements expect fixed 12/18/2021 + notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Colleague Analytics + product: Banner Integration for eLearning cves: cve-2021-4104: investigated: false @@ -29980,7 +29903,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: CRM Advance + product: Banner Integration for eProcurement cves: cve-2021-4104: investigated: false @@ -30009,7 +29932,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: CRM Advise + product: Banner Self Service cves: cve-2021-4104: investigated: false @@ -30038,7 +29961,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: CRM Recruit + product: Banner Workflow cves: cve-2021-4104: investigated: false @@ -30067,7 +29990,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Advance Web Connector + product: Colleague cves: cve-2021-4104: investigated: false @@ -30091,12 +30014,12 @@ software: unaffected_versions: [] vendor_links: - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: '' + notes: On-prem and cloud deployements expect fixed 12/18/2021 references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Data Access + product: Colleague Analytics cves: cve-2021-4104: investigated: false @@ -30125,7 +30048,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Design Path + product: CRM Advance cves: cve-2021-4104: investigated: false @@ -30154,7 +30077,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ellucian Portal + product: CRM Advise cves: cve-2021-4104: investigated: false @@ -30183,7 +30106,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian ePrint + product: CRM Recruit cves: cve-2021-4104: investigated: false @@ -30212,7 +30135,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ethos API & API Management Center + product: Ellucian Advance Web Connector cves: cve-2021-4104: investigated: false @@ -30241,7 +30164,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ethos Extend + product: Ellucian Data Access cves: cve-2021-4104: investigated: false @@ -30270,7 +30193,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ethos Integration + product: Ellucian Design Path cves: cve-2021-4104: investigated: false @@ -30299,7 +30222,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian eTranscripts + product: Ellucian Ellucian Portal cves: cve-2021-4104: investigated: false @@ -30328,7 +30251,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Experience + product: Ellucian ePrint cves: cve-2021-4104: investigated: false @@ -30357,7 +30280,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Intelligent Platform (ILP) + product: Ellucian Ethos API & API Management Center cves: cve-2021-4104: investigated: false @@ -30386,7 +30309,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian International Student and Scholar Management (ISSM) + product: Ellucian Ethos Extend cves: cve-2021-4104: investigated: false @@ -30415,7 +30338,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Message Service (EMS) + product: Ellucian Ethos Integration cves: cve-2021-4104: investigated: false @@ -30444,7 +30367,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Messaging Adapter (EMA) + product: Ellucian eTranscripts cves: cve-2021-4104: investigated: false @@ -30473,7 +30396,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Mobile + product: Ellucian Experience cves: cve-2021-4104: investigated: false @@ -30502,7 +30425,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Payment Gateway + product: Ellucian Intelligent Platform (ILP) cves: cve-2021-4104: investigated: false @@ -30531,7 +30454,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian PowerCampus + product: Ellucian International Student and Scholar Management (ISSM) cves: cve-2021-4104: investigated: false @@ -30560,7 +30483,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Solution Manager + product: Ellucian Message Service (EMS) cves: cve-2021-4104: investigated: false @@ -30589,7 +30512,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Workflow + product: Ellucian Messaging Adapter (EMA) cves: cve-2021-4104: investigated: false @@ -30618,7 +30541,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Enterprise Identity Services(BEIS) + product: Ellucian Mobile cves: cve-2021-4104: investigated: false @@ -30646,8 +30569,8 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 148 Temperature Transmitter + - vendor: Ellucian + product: Ellucian Payment Gateway cves: cve-2021-4104: investigated: false @@ -30670,13 +30593,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 2051 Pressure Transmitter Family + - vendor: Ellucian + product: Ellucian PowerCampus cves: cve-2021-4104: investigated: false @@ -30699,13 +30622,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 2088 Pressure Transmitter Family + - vendor: Ellucian + product: Ellucian Solution Manager cves: cve-2021-4104: investigated: false @@ -30728,13 +30651,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 2090F/2090P Pressure Transmitters + - vendor: Ellucian + product: Ellucian Workflow cves: cve-2021-4104: investigated: false @@ -30757,13 +30680,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 215 Pressure Sensor Module + - vendor: Ellucian + product: Enterprise Identity Services(BEIS) cves: cve-2021-4104: investigated: false @@ -30786,13 +30709,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 248 Configuration Application + product: 148 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -30821,7 +30744,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 248 Temperature Transmitter + product: 2051 Pressure Transmitter Family cves: cve-2021-4104: investigated: false @@ -30850,7 +30773,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 3051 & 3051S Pressure transmitter families + product: 2088 Pressure Transmitter Family cves: cve-2021-4104: investigated: false @@ -30879,7 +30802,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 3144P Temperature Transmitter + product: 2090F/2090P Pressure Transmitters cves: cve-2021-4104: investigated: false @@ -30908,7 +30831,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 326P Pressure Transmitter + product: 215 Pressure Sensor Module cves: cve-2021-4104: investigated: false @@ -30937,7 +30860,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 326T Temperature Transmitter + product: 248 Configuration Application cves: cve-2021-4104: investigated: false @@ -30966,7 +30889,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 327T Temperature Transmitter + product: 248 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -30995,7 +30918,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4088 Pressure Transmitter + product: 3051 & 3051S Pressure transmitter families cves: cve-2021-4104: investigated: false @@ -31024,7 +30947,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4088 Upgrade Utility + product: 3144P Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -31053,7 +30976,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4600 Pressure Transmitter + product: 326P Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -31082,7 +31005,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4732 Endeavor + product: 326T Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -31111,7 +31034,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4732 Endeavor + product: 327T Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -31140,7 +31063,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 550 PT Pressure Transmitter + product: 4088 Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -31169,7 +31092,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 5726 Transmitter + product: 4088 Upgrade Utility cves: cve-2021-4104: investigated: false @@ -31198,7 +31121,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 5726 Transmitter + product: 4600 Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -31227,7 +31150,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 644 Temperature Transmitter + product: 4732 Endeavor cves: cve-2021-4104: investigated: false @@ -31256,7 +31179,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 648 Temperature Transmitter + product: 4732 Endeavor cves: cve-2021-4104: investigated: false @@ -31285,7 +31208,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 848T Temperature Transmitter + product: 550 PT Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -31314,7 +31237,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Combustion: OCX OXT 6888 CX1100 6888Xi' + product: 5726 Transmitter cves: cve-2021-4104: investigated: false @@ -31343,7 +31266,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT2211 QCL Aerosol Microleak Detection System + product: 5726 Transmitter cves: cve-2021-4104: investigated: false @@ -31372,7 +31295,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT3000 QCL Automotive OEM Gas Analyzer + product: 644 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -31401,7 +31324,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4000 QCL Marine OEM Gas Analyzer + product: 648 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -31430,7 +31353,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4215 QCL Packaging Leak Detection System + product: 848T Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -31459,7 +31382,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4400 QCL General Purpose Continuous Gas Analyzer + product: 'Combustion: OCX OXT 6888 CX1100 6888Xi' cves: cve-2021-4104: investigated: false @@ -31488,7 +31411,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4404 QCL pMDI Leak Detection Analyzer + product: CT2211 QCL Aerosol Microleak Detection System cves: cve-2021-4104: investigated: false @@ -31517,7 +31440,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT5100 QCL Field Housing Continuous Gas Analyzer + product: CT3000 QCL Automotive OEM Gas Analyzer cves: cve-2021-4104: investigated: false @@ -31546,7 +31469,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT5400 QCL General Purpose Continuous Gas Analyzer + product: CT4000 QCL Marine OEM Gas Analyzer cves: cve-2021-4104: investigated: false @@ -31575,7 +31498,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT5800 QCL Flameproof Housing Continuous Gas Analyzer + product: CT4215 QCL Packaging Leak Detection System cves: cve-2021-4104: investigated: false @@ -31604,7 +31527,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: DHNC1 DHNC2 + product: CT4400 QCL General Purpose Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -31633,7 +31556,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: DHNC1 DHNC2 + product: CT4404 QCL pMDI Leak Detection Analyzer cves: cve-2021-4104: investigated: false @@ -31662,7 +31585,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Emerson Aperio software + product: CT5100 QCL Field Housing Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -31691,7 +31614,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Engineering Assistant 5.x & 6.x + product: CT5400 QCL General Purpose Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -31720,7 +31643,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Fieldwatch and Service consoles + product: CT5800 QCL Flameproof Housing Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -31749,7 +31672,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Fieldwatch and Service consoles + product: DHNC1 DHNC2 cves: cve-2021-4104: investigated: false @@ -31778,8 +31701,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Flame Detection: 975UF & 975UR Infrared Flame Detectors 975HR Infrared - Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector' + product: DHNC1 DHNC2 cves: cve-2021-4104: investigated: false @@ -31808,7 +31730,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Flarecheck FlowCheck Flowel & PWAM software + product: Emerson Aperio software cves: cve-2021-4104: investigated: false @@ -31837,7 +31759,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Flarecheck FlowCheck Flowel & PWAM software + product: Engineering Assistant 5.x & 6.x cves: cve-2021-4104: investigated: false @@ -31866,7 +31788,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' + product: Fieldwatch and Service consoles cves: cve-2021-4104: investigated: false @@ -31895,7 +31817,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' + product: Fieldwatch and Service consoles cves: cve-2021-4104: investigated: false @@ -31924,7 +31846,8 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' + product: 'Flame Detection: 975UF & 975UR Infrared Flame Detectors 975HR Infrared + Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector' cves: cve-2021-4104: investigated: false @@ -31953,7 +31876,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' + product: Flarecheck FlowCheck Flowel & PWAM software cves: cve-2021-4104: investigated: false @@ -31982,9 +31905,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless - Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle - Monitor' + product: Flarecheck FlowCheck Flowel & PWAM software cves: cve-2021-4104: investigated: false @@ -32013,9 +31934,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless - Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle - Monitor' + product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' cves: cve-2021-4104: investigated: false @@ -32044,7 +31963,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Incus Ultrasonic gas leak detector + product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' cves: cve-2021-4104: investigated: false @@ -32073,7 +31992,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: K-Series Coriolis Transmitters + product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' cves: cve-2021-4104: investigated: false @@ -32102,7 +32021,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: K-Series Coriolis Transmitters + product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' cves: cve-2021-4104: investigated: false @@ -32131,7 +32050,9 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Liquid Transmitters: 5081 1066 1056 1057 56' + product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless + Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle + Monitor' cves: cve-2021-4104: investigated: false @@ -32160,7 +32081,9 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Mark III Gas and Liquid USM + product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless + Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle + Monitor' cves: cve-2021-4104: investigated: false @@ -32189,7 +32112,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Mark III Gas and Liquid USM + product: Incus Ultrasonic gas leak detector cves: cve-2021-4104: investigated: false @@ -32218,7 +32141,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: MPFM2600 & MPFM5726 + product: K-Series Coriolis Transmitters cves: cve-2021-4104: investigated: false @@ -32247,7 +32170,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: MPFM2600 & MPFM5726 + product: K-Series Coriolis Transmitters cves: cve-2021-4104: investigated: false @@ -32276,7 +32199,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Plantweb Advisor for Metrology and Metering Suite SDK + product: 'Liquid Transmitters: 5081 1066 1056 1057 56' cves: cve-2021-4104: investigated: false @@ -32305,7 +32228,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Plantweb Advisor for Metrology and Metering Suite SDK + product: Mark III Gas and Liquid USM cves: cve-2021-4104: investigated: false @@ -32334,7 +32257,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Configuration Software + product: Mark III Gas and Liquid USM cves: cve-2021-4104: investigated: false @@ -32363,7 +32286,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Configuration Software + product: MPFM2600 & MPFM5726 cves: cve-2021-4104: investigated: false @@ -32392,7 +32315,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Mobile Application & ProcessViz Software + product: MPFM2600 & MPFM5726 cves: cve-2021-4104: investigated: false @@ -32421,7 +32344,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Mobile Application & ProcessViz Software + product: Plantweb Advisor for Metrology and Metering Suite SDK cves: cve-2021-4104: investigated: false @@ -32450,7 +32373,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2230 Graphical Field Display + product: Plantweb Advisor for Metrology and Metering Suite SDK cves: cve-2021-4104: investigated: false @@ -32479,7 +32402,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2240S Multi-input Temperature Transmitter + product: Prolink Configuration Software cves: cve-2021-4104: investigated: false @@ -32508,7 +32431,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2410 Tank Hub + product: Prolink Configuration Software cves: cve-2021-4104: investigated: false @@ -32537,7 +32460,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2460 System Hub + product: Prolink Mobile Application & ProcessViz Software cves: cve-2021-4104: investigated: false @@ -32566,7 +32489,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 3490 Controller + product: Prolink Mobile Application & ProcessViz Software cves: cve-2021-4104: investigated: false @@ -32595,7 +32518,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount CMS/IOU 61 + product: Rosemount 2230 Graphical Field Display cves: cve-2021-4104: investigated: false @@ -32624,7 +32547,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount CMS/SCU 51/SCC + product: Rosemount 2240S Multi-input Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -32653,7 +32576,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount CMS/WSU 51/SWF 51 + product: Rosemount 2410 Tank Hub cves: cve-2021-4104: investigated: false @@ -32682,7 +32605,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount IO-Link Assistant + product: Rosemount 2460 System Hub cves: cve-2021-4104: investigated: false @@ -32711,7 +32634,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Level Detectors (21xx) + product: Rosemount 3490 Controller cves: cve-2021-4104: investigated: false @@ -32740,7 +32663,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) + product: Rosemount CMS/IOU 61 cves: cve-2021-4104: investigated: false @@ -32769,7 +32692,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Radar Configuration Tool + product: Rosemount CMS/SCU 51/SCC cves: cve-2021-4104: investigated: false @@ -32798,7 +32721,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Radar Level Gauges (Pro 39xx 59xx) + product: Rosemount CMS/WSU 51/SWF 51 cves: cve-2021-4104: investigated: false @@ -32827,7 +32750,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount RadarMaster and RadarMaster Plus + product: Rosemount IO-Link Assistant cves: cve-2021-4104: investigated: false @@ -32856,7 +32779,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Tank Radar Gauges (TGUxx) + product: Rosemount Level Detectors (21xx) cves: cve-2021-4104: investigated: false @@ -32885,7 +32808,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount TankMaster and TankMaster Mobile + product: Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) cves: cve-2021-4104: investigated: false @@ -32914,7 +32837,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Spectrex family Flame Detectors and Rosemount 975 flame detector + product: Rosemount Radar Configuration Tool cves: cve-2021-4104: investigated: false @@ -32943,7 +32866,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: USM 3410 and 3810 Series Ultrasonic Transmitters + product: Rosemount Radar Level Gauges (Pro 39xx 59xx) cves: cve-2021-4104: investigated: false @@ -32972,7 +32895,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: USM 3410 and 3810 Series Ultrasonic Transmitters + product: Rosemount RadarMaster and RadarMaster Plus cves: cve-2021-4104: investigated: false @@ -33001,7 +32924,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Vortex and Magmeter Transmitters + product: Rosemount Tank Radar Gauges (TGUxx) cves: cve-2021-4104: investigated: false @@ -33030,7 +32953,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Vortex and Magmeter Transmitters + product: Rosemount TankMaster and TankMaster Mobile cves: cve-2021-4104: investigated: false @@ -33059,7 +32982,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: WCM SWGM + product: Spectrex family Flame Detectors and Rosemount 975 flame detector cves: cve-2021-4104: investigated: false @@ -33088,7 +33011,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: WCM SWGM + product: USM 3410 and 3810 Series Ultrasonic Transmitters cves: cve-2021-4104: investigated: false @@ -33116,8 +33039,8 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: EnterpriseDT - product: '' + - vendor: Emerson + product: USM 3410 and 3810 Series Ultrasonic Transmitters cves: cve-2021-4104: investigated: false @@ -33140,13 +33063,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://enterprisedt.com/blogs/announcements/enterprisedt-does-not-use-log4j/ + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ESET - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Vortex and Magmeter Transmitters cves: cve-2021-4104: investigated: false @@ -33169,44 +33092,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ESRI - product: ArcGIS Data Store - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: ArcGIS Enterprise + - vendor: Emerson + product: Vortex and Magmeter Transmitters cves: cve-2021-4104: investigated: false @@ -33214,42 +33106,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: ArcGIS GeoEvent Server - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -33261,45 +33121,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: ArcGIS Server - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: ArcGIS Workflow Manager Server + - vendor: Emerson + product: WCM SWGM cves: cve-2021-4104: investigated: false @@ -33307,42 +33135,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: Portal for ArcGIS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -33354,14 +33150,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Estos - product: '' + - vendor: Emerson + product: WCM SWGM cves: cve-2021-4104: investigated: false @@ -33384,12 +33179,285 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.estos.de/de/sicherheitshinweise/estos-von-kritischer-schwachstelle-in-log4j-cve-2021-44228-nicht-betroffen + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Evolveum Midpoint + last_updated: '2021-12-17T00:00:00' + - vendor: EnterpriseDT + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://enterprisedt.com/blogs/announcements/enterprisedt-does-not-use-log4j/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ESET + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ESRI + product: ArcGIS Data Store + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: ESRI + product: ArcGIS Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: ESRI + product: ArcGIS GeoEvent Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: ESRI + product: ArcGIS Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: ESRI + product: ArcGIS Workflow Manager Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: ESRI + product: Portal for ArcGIS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Estos + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.estos.de/de/sicherheitshinweise/estos-von-kritischer-schwachstelle-in-log4j-cve-2021-44228-nicht-betroffen + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Evolveum Midpoint product: '' cves: cve-2021-4104: @@ -35683,6 +35751,248 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000S series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS2000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V8 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V9 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH X1 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: TELLUS and V-Server + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Version 3 + - Version 4 + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: V-SFT + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Version 5 + - Version 6 + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' - vendor: Fujitsu product: '' cves: @@ -58542,7 +58852,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: K15t - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -58571,7 +58881,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: K6 - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -58599,8 +58909,68 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn SaaS in the classic Learn experience + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v3900.28.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn Self- and Managed-Hosting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v3900.26.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' - vendor: Karakun - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -58629,7 +58999,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kaseya - product: '' + product: AuthAnvil cves: cve-2021-4104: investigated: false @@ -58637,10 +59007,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: BMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58656,9 +59057,339 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Keeper Security - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: ID Agent DarkWeb ID and BullPhish ID + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: IT Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: MyGlue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Network Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Passly + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: RocketCyber + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spannign Salesforce Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spanning O365 Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Unitrends + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Vorex + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: VSA SaaS and VSA On-Premises + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: KeePass + product: All cves: cve-2021-4104: investigated: false @@ -58666,10 +59397,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keeper + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -58686,8 +59448,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP - product: '' + - vendor: Kemp + product: All cves: cve-2021-4104: investigated: false @@ -58712,11 +59474,41 @@ software: vendor_links: - https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit notes: '' + references: + - '[Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-)' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keycloak + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/keycloak/keycloak/discussions/9078 + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP 2 - product: '' + - vendor: Kofax + product: Capture cves: cve-2021-4104: investigated: false @@ -58724,10 +59516,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Communication Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.3 - 5.5 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -58739,13 +59562,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228- + - https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kofax - product: '' + product: Robot File System (RFS) cves: cve-2021-4104: investigated: false @@ -58753,10 +59576,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=10.7' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Robotic Process Automation (RPA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '11.1' + - '11.2' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -58768,13 +59623,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228) + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Konica Minolta - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -58803,7 +59658,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kronos UKG - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -58832,7 +59687,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kyberna - product: '' + product: All cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index d53c7de..ab59ef7 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -121,7 +121,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: VL Alphenix Angio Workstation (AWS) + product: Canon DR Products CXDI_NE) cves: cve-2021-4104: investigated: false @@ -130,10 +130,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 'All' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -146,7 +146,7 @@ software: unaffected_versions: [] vendor_links: - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability - notes: '' + notes: Such as Omnera, FlexPro, Soltus references: - '' last_updated: '2022-02-02T00:00:00' @@ -163,7 +163,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -181,7 +181,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: VL Infinix-i Angio Workstation (AWS) + product: Eye-Care Products cves: cve-2021-4104: investigated: false @@ -193,7 +193,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -223,7 +223,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -253,7 +253,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -283,7 +283,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -311,7 +311,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'All' + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -331,7 +331,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: XR Medical Imaging Products + product: VL Alphenix Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -340,10 +340,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All fixed_versions: [] - unaffected_versions: - - 'All' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -361,7 +361,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: Eye-Care Products + product: VL Infinix-i Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -373,7 +373,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -391,7 +391,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: Canon DR Products CXDI_NE) + product: XR Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -403,7 +403,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -416,7 +416,7 @@ software: unaffected_versions: [] vendor_links: - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability - notes: Such as Omnera, FlexPro, Soltus + notes: '' references: - '' last_updated: '2022-02-02T00:00:00' diff --git a/data/cisagov_F.yml b/data/cisagov_F.yml index c615dad..adcaaab 100644 --- a/data/cisagov_F.yml +++ b/data/cisagov_F.yml @@ -2034,7 +2034,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fuji Electric - product: MONITOUCH X1 series + product: MONITOUCH TS1000 series cves: cve-2021-4104: investigated: '' @@ -2046,7 +2046,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2064,7 +2064,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fuji Electric - product: MONITOUCH V9 series + product: MONITOUCH TS1000S series cves: cve-2021-4104: investigated: '' @@ -2076,7 +2076,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2094,7 +2094,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fuji Electric - product: MONITOUCH TS1000S series + product: MONITOUCH TS2000 series cves: cve-2021-4104: investigated: '' @@ -2106,7 +2106,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2124,7 +2124,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fuji Electric - product: MONITOUCH TS2000 series + product: MONITOUCH V8 series cves: cve-2021-4104: investigated: '' @@ -2136,7 +2136,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2154,7 +2154,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fuji Electric - product: MONITOUCH V8 series + product: MONITOUCH V9 series cves: cve-2021-4104: investigated: '' @@ -2166,7 +2166,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2184,7 +2184,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fuji Electric - product: MONITOUCH TS1000 series + product: MONITOUCH X1 series cves: cve-2021-4104: investigated: '' @@ -2196,7 +2196,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2214,7 +2214,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fuji Electric - product: V-SFT + product: TELLUS and V-Server cves: cve-2021-4104: investigated: '' @@ -2226,8 +2226,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'Version 5' - - 'Version 6' + - Version 3 + - Version 4 cve-2021-45046: investigated: '' affected_versions: [] @@ -2245,7 +2245,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fuji Electric - product: TELLUS and V-Server + product: V-SFT cves: cve-2021-4104: investigated: '' @@ -2257,8 +2257,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'Version 3' - - 'Version 4' + - Version 5 + - Version 6 cve-2021-45046: investigated: '' affected_versions: [] diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index 7149f4a..2f4d413 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: K15t - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -34,7 +34,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: K6 - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -62,8 +62,68 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn SaaS in the classic Learn experience + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v3900.28.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn Self- and Managed-Hosting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v3900.26.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' - vendor: Karakun - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -92,7 +152,37 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kaseya - product: '' + product: AuthAnvil + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: BMS cves: cve-2021-4104: investigated: false @@ -100,10 +190,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: ID Agent DarkWeb ID and BullPhish ID + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -119,9 +240,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Keeper Security - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: IT Glue cves: cve-2021-4104: investigated: false @@ -129,10 +250,341 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: MyGlue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Network Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Passly + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: RocketCyber + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spannign Salesforce Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spanning O365 Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Unitrends + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Vorex + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: VSA SaaS and VSA On-Premises + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: KeePass + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keeper + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -149,8 +601,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP - product: '' + - vendor: Kemp + product: All cves: cve-2021-4104: investigated: false @@ -175,11 +627,41 @@ software: vendor_links: - https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit notes: '' + references: + - '[Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-)' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keycloak + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/keycloak/keycloak/discussions/9078 + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP 2 - product: '' + - vendor: Kofax + product: Capture cves: cve-2021-4104: investigated: false @@ -187,10 +669,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Communication Manager + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.3 - 5.5 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -202,13 +715,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228- + - https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kofax - product: '' + product: Robot File System (RFS) cves: cve-2021-4104: investigated: false @@ -216,10 +729,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=10.7' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Robotic Process Automation (RPA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '11.1' + - '11.2' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -231,13 +776,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228) + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Konica Minolta - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -266,7 +811,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kronos UKG - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -295,7 +840,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kyberna - product: '' + product: All cves: cve-2021-4104: investigated: false