From bc19dddbe746c7dfeca0a6bdbfd39666a89a5b8e Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Wed, 2 Feb 2022 21:29:40 +0000 Subject: [PATCH 1/7] Update the software list --- SOFTWARE-LIST.md | 26 +++- data/cisagov.yml | 364 +++++++++++++++++++++++++++++++++++++++---- data/cisagov_C.yml | 380 ++++++++++++++++++++++----------------------- data/cisagov_F.yml | 84 +++++----- 4 files changed, 587 insertions(+), 267 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 4a4947c..28cf89c 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -415,14 +415,16 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Campbell Scientific | All | | | Unknown | [link](https://s.campbellsci.com/documents/us/miscellaneous/log4j2-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | | Camunda | | | | Unknown | [link](https://forum.camunda.org/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228/31910) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Canary Labs | All | | | Unknown | [link](https://helpcenter.canarylabs.com/t/83hjjk0/log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | Alphenix (Angio Workstation) | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | CT Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | Infinix-i (Angio Workstation) | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | MR Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | NM Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | UL Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | Vitrea Advanced 7.x | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | XR Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Canon | Canon DR Products CXDI_NE) | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | Such as Omnera, FlexPro, Soltus | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | CT Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | Eye-Care Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | MR Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | NM Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | UL Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | Vitrea Advanced 7.x | All | | Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | VL Alphenix Angio Workstation (AWS) | All | | Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | VL Infinix-i Angio Workstation (AWS) | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | XR Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | CapStorm | Copystorm | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | CarbonBlack | | | | Unknown | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Carestream | | | | Unknown | [link](https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | @@ -1227,6 +1229,14 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Fortinet | FortiWeb Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Fortinet | ShieldX | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | FTAPI | | | | Unknown | [link](https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/#) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fuji Electric | MONITOUCH TS1000 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH TS1000S series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH TS2000 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH V8 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH V9 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH X1 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | TELLUS and V-Server | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | V-SFT | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | Fujitsu | | | | Unknown | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | FusionAuth | FusionAuth | | | Not Affected | [link](https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | GE Digital | All | | | Unknown | [link](https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 07c89c9..d09289d 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -11696,7 +11696,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: Alphenix (Angio Workstation) + product: Canon DR Products CXDI_NE) cves: cve-2021-4104: investigated: false @@ -11704,10 +11704,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11720,10 +11721,10 @@ software: unaffected_versions: [] vendor_links: - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability - notes: '' + notes: Such as Omnera, FlexPro, Soltus references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: CT Medical Imaging Products cves: @@ -11733,10 +11734,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11752,9 +11754,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: Infinix-i (Angio Workstation) + product: Eye-Care Products cves: cve-2021-4104: investigated: false @@ -11762,10 +11764,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11781,7 +11784,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: MR Medical Imaging Products cves: @@ -11791,10 +11794,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11810,7 +11814,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: NM Medical Imaging Products cves: @@ -11820,10 +11824,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11839,7 +11844,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: UL Medical Imaging Products cves: @@ -11849,10 +11854,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11868,7 +11874,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: Vitrea Advanced 7.x cves: @@ -11878,8 +11884,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -11897,7 +11904,67 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: VL Alphenix Angio Workstation (AWS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: VL Infinix-i Angio Workstation (AWS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: XR Medical Imaging Products cves: @@ -11907,10 +11974,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11926,7 +11994,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: CapStorm product: Copystorm cves: @@ -35683,6 +35751,248 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000S series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS2000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V8 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V9 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH X1 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: TELLUS and V-Server + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Version 3 + - Version 4 + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: V-SFT + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Version 5 + - Version 6 + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' - vendor: Fujitsu product: '' cves: diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index d53c7de..ab59ef7 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -121,7 +121,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: VL Alphenix Angio Workstation (AWS) + product: Canon DR Products CXDI_NE) cves: cve-2021-4104: investigated: false @@ -130,10 +130,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 'All' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -146,7 +146,7 @@ software: unaffected_versions: [] vendor_links: - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability - notes: '' + notes: Such as Omnera, FlexPro, Soltus references: - '' last_updated: '2022-02-02T00:00:00' @@ -163,187 +163,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability - notes: '' - references: - - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Canon - product: VL Infinix-i Angio Workstation (AWS) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability - notes: '' - references: - - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Canon - product: MR Medical Imaging Products - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability - notes: '' - references: - - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Canon - product: NM Medical Imaging Products - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability - notes: '' - references: - - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Canon - product: UL Medical Imaging Products - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability - notes: '' - references: - - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Canon - product: Vitrea Advanced 7.x - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 'All' - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability - notes: '' - references: - - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Canon - product: XR Medical Imaging Products - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -373,7 +193,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -391,7 +211,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: Canon DR Products CXDI_NE) + product: MR Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -403,7 +223,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -416,7 +236,187 @@ software: unaffected_versions: [] vendor_links: - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability - notes: Such as Omnera, FlexPro, Soltus + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: NM Medical Imaging Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: UL Medical Imaging Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: Vitrea Advanced 7.x + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: VL Alphenix Angio Workstation (AWS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: VL Infinix-i Angio Workstation (AWS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: XR Medical Imaging Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: '' references: - '' last_updated: '2022-02-02T00:00:00' diff --git a/data/cisagov_F.yml b/data/cisagov_F.yml index c615dad..adcaaab 100644 --- a/data/cisagov_F.yml +++ b/data/cisagov_F.yml @@ -2034,7 +2034,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fuji Electric - product: MONITOUCH X1 series + product: MONITOUCH TS1000 series cves: cve-2021-4104: investigated: '' @@ -2046,37 +2046,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' - cve-2021-45046: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf - notes: '' - references: - - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fuji Electric - product: MONITOUCH V9 series - cves: - cve-2021-4104: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2106,7 +2076,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2136,7 +2106,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2166,7 +2136,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2184,7 +2154,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fuji Electric - product: MONITOUCH TS1000 series + product: MONITOUCH V9 series cves: cve-2021-4104: investigated: '' @@ -2196,7 +2166,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2214,7 +2184,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fuji Electric - product: V-SFT + product: MONITOUCH X1 series cves: cve-2021-4104: investigated: '' @@ -2226,8 +2196,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'Version 5' - - 'Version 6' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2257,8 +2226,39 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'Version 3' - - 'Version 4' + - Version 3 + - Version 4 + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: V-SFT + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Version 5 + - Version 6 cve-2021-45046: investigated: '' affected_versions: [] From 222274ced398e92f8421e0f2a6e644165d67f979 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 08:27:59 -0500 Subject: [PATCH 2/7] Add Kaltura products --- data/cisagov_K.yml | 64 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 62 insertions(+), 2 deletions(-) diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index 7149f4a..4b5130c 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: K15t - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -34,7 +34,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: K6 - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -62,6 +62,66 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn SaaS in the classic Learn experience + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'v3900.28.x' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn Self- and Managed-Hosting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'v3900.26.x' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' - vendor: Karakun product: '' cves: From 3cf60bf127ab75cdcc1ee6fec9374d3b80cdbaba Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 08:35:55 -0500 Subject: [PATCH 3/7] Add Kaseya products --- data/cisagov_K.yml | 371 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 366 insertions(+), 5 deletions(-) diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index 4b5130c..4d5522a 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -123,7 +123,7 @@ software: - '' last_updated: '2021-12-23T07:18:50+00:00' - vendor: Karakun - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -152,7 +152,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kaseya - product: '' + product: AuthAnvil cves: cve-2021-4104: investigated: false @@ -160,10 +160,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -179,7 +180,367 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: BMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: ID Agent DarkWeb ID and BullPhish ID + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: IT Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: MyGlue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Network Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Passly + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: RocketCyber + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spannign Salesforce Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spanning O365 Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Unitrends + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Vorex + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Kaseya VSA SaaS and VSA On-Premises + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: Keeper Security product: '' cves: From dc7229903d5e14905b606aff7a7309891e676d4f Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 08:38:52 -0500 Subject: [PATCH 4/7] Fix product error Kaseya --- data/cisagov_K.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index 4d5522a..215985d 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -512,7 +512,7 @@ software: - '' last_updated: '2021-12-15T07:18:50+00:00' - vendor: Kaseya - product: Kaseya VSA SaaS and VSA On-Premises + product: VSA SaaS and VSA On-Premises cves: cve-2021-4104: investigated: false From 3af4b6a0d9cefc3b1d4235c5c08b8c1989685c7f Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 08:44:17 -0500 Subject: [PATCH 5/7] Add KeePass, Update Keeper, Kemp --- data/cisagov_K.yml | 70 ++++++++++++++++++++++++---------------------- 1 file changed, 36 insertions(+), 34 deletions(-) diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index 215985d..a46712e 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -541,8 +541,8 @@ software: references: - '' last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Keeper Security - product: '' + - vendor: KeePass + product: All cves: cve-2021-4104: investigated: false @@ -550,10 +550,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keeper + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -570,8 +601,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP - product: '' + - vendor: Kemp + product: All cves: cve-2021-4104: investigated: false @@ -597,36 +628,7 @@ software: - https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit notes: '' references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP 2 - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228- - notes: '' - references: - - '' + - '[Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-)' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kofax product: '' From bbac69cb1e0b466246033994978a421e767f5917 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 08:54:30 -0500 Subject: [PATCH 6/7] Add Keycloak, Kofax products --- data/cisagov_K.yml | 134 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 128 insertions(+), 6 deletions(-) diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index a46712e..10d1aec 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -630,8 +630,8 @@ software: references: - '[Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-)' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Kofax - product: '' + - vendor: Keycloak + product: All cves: cve-2021-4104: investigated: false @@ -639,10 +639,71 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/keycloak/keycloak/discussions/9078 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Capture + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Communication Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '5.3 - 5.5' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -654,13 +715,74 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228) + - https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Robot File System (RFS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=10.7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Robotic Process Automation (RPA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '11.1' + - '11.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Konica Minolta - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -689,7 +811,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kronos UKG - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -718,7 +840,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kyberna - product: '' + product: All cves: cve-2021-4104: investigated: false From d25a999e3400f16e3cde4a06a64c5a7b5c018db5 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Thu, 3 Feb 2022 13:59:27 +0000 Subject: [PATCH 7/7] Update the software list --- SOFTWARE-LIST.md | 40 ++- data/cisagov.yml | 589 +++++++++++++++++++++++++++++++++++++++++++-- data/cisagov_K.yml | 12 +- 3 files changed, 602 insertions(+), 39 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 28cf89c..f62ff18 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2004,17 +2004,35 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Jump Desktop | | | | Unknown | [link](https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Juniper Networks | | | | Unknown | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Justice Systems | | | | Unknown | [link](https://www.justicesystems.com/services/support/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| K15t | | | | Unknown | [link](https://help.k15t.com/k15t-apps-and-log4shell-193401141.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| K6 | | | | Unknown | [link](https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Karakun | | | | Unknown | [link](https://board.karakun.com/viewtopic.php?f=21&t=8351) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kaseya | | | | Unknown | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Keeper Security | | | | Unknown | [link](https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| KEMP | | | | Unknown | [link](https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| KEMP 2 | | | | Unknown | [link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kofax | | | | Unknown | [link](https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228)) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Konica Minolta | | | | Unknown | [link](https://www.konicaminolta.de/de-de/support/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kronos UKG | | | | Unknown | [link](https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kyberna | | | | Unknown | [link](https://www.kyberna.com/detail/log4j-sicherheitsluecke) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| K15t | All | | | Unknown | [link](https://help.k15t.com/k15t-apps-and-log4shell-193401141.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| K6 | All | | | Unknown | [link](https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kaltura | Blackboard Learn SaaS in the classic Learn experience | | v3900.28.x | Fixed | [link](https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Kaltura | Blackboard Learn Self- and Managed-Hosting | | v3900.26.x | Fixed | [link](https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Karakun | All | | | Unknown | [link](https://board.karakun.com/viewtopic.php?f=21&t=8351) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kaseya | AuthAnvil | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | BMS | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | ID Agent DarkWeb ID and BullPhish ID | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | IT Glue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | MyGlue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Network Glue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Passly | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | RocketCyber | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Spannign Salesforce Backup | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Spanning O365 Backup | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Unitrends | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Vorex | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | VSA SaaS and VSA On-Premises | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| KeePass | All | | | Not Affected | [link](https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Keeper | All | | | Fixed | [link](https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kemp | All | | | Unknown | [link](https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit) | | [Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Keycloak | All | | | Not Affected | [link](https://github.com/keycloak/keycloak/discussions/9078) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Capture | | | Not Affected | [link](https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Communication Manager | | 5.3 - 5.5 | Fixed | [link](https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Robot File System (RFS) | | >=10.7 | Fixed | [link](https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Robotic Process Automation (RPA) | | 11.1, 11.2 | Fixed | [link](https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Konica Minolta | All | | | Unknown | [link](https://www.konicaminolta.de/de-de/support/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kronos UKG | All | | | Unknown | [link](https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kyberna | All | | | Unknown | [link](https://www.kyberna.com/detail/log4j-sicherheitsluecke) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | L-Soft | | | | Unknown | [link](http://www.lsoft.com/news/log4jinfo.asp) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | L3Harris Geospatial | | | | Unknown | [link](https://www.l3harrisgeospatial.com/Support/Self-Help-Tools/Help-Articles/Help-Articles-Detail/ArtMID/10220/ArticleID/24141/Impact-of-Log4j-Java-Security-Vulnerability-CVE-2021-44228-on-L3Harris-Geospatial-software) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Lancom Systems | | | | Unknown | [link](https://www.lancom-systems.com/service-support/instant-help/general-security-information/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index d09289d..c586742 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -58852,7 +58852,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: K15t - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -58881,7 +58881,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: K6 - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -58909,8 +58909,68 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn SaaS in the classic Learn experience + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v3900.28.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn Self- and Managed-Hosting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v3900.26.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' - vendor: Karakun - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -58939,7 +58999,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kaseya - product: '' + product: AuthAnvil cves: cve-2021-4104: investigated: false @@ -58947,10 +59007,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58966,9 +59027,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Keeper Security - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: BMS cves: cve-2021-4104: investigated: false @@ -58976,10 +59037,401 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: ID Agent DarkWeb ID and BullPhish ID + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: IT Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: MyGlue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Network Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Passly + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: RocketCyber + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spannign Salesforce Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spanning O365 Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Unitrends + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Vorex + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: VSA SaaS and VSA On-Premises + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: KeePass + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keeper + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -58996,8 +59448,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP - product: '' + - vendor: Kemp + product: All cves: cve-2021-4104: investigated: false @@ -59023,10 +59475,10 @@ software: - https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit notes: '' references: - - '' + - '[Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-)' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP 2 - product: '' + - vendor: Keycloak + product: All cves: cve-2021-4104: investigated: false @@ -59034,10 +59486,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -59049,13 +59502,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228- + - https://github.com/keycloak/keycloak/discussions/9078 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kofax - product: '' + product: Capture cves: cve-2021-4104: investigated: false @@ -59063,10 +59516,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Communication Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.3 - 5.5 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59078,13 +59562,74 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228) + - https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Robot File System (RFS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=10.7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Robotic Process Automation (RPA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '11.1' + - '11.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Konica Minolta - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -59113,7 +59658,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kronos UKG - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -59142,7 +59687,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kyberna - product: '' + product: All cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index 10d1aec..2f4d413 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -74,7 +74,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'v3900.28.x' + - v3900.28.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -104,7 +104,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'v3900.26.x' + - v3900.26.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -554,7 +554,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -643,7 +643,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -673,7 +673,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -702,7 +702,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '5.3 - 5.5' + - 5.3 - 5.5 unaffected_versions: [] cve-2021-45046: investigated: false