From bcdeb389e107c7cce9aace7001a7e9b418f9ee6f Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 10 Feb 2022 13:20:25 -0500 Subject: [PATCH 01/20] Add Abbott and Accellence Tech products --- data/cisagov_A.yml | 195 +++++++++++++++++++++++++++------------------ 1 file changed, 116 insertions(+), 79 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 17499a2..7ef12db 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: ABB - product: '' + product: AlarmInsight Cloud cves: cve-2021-4104: investigated: false @@ -13,10 +13,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] 
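Review bot: In the hunk at `@@ -13,10 +13,11`, the `cve-2021-44228` block for ABB AlarmInsight Cloud becomes `investigated: true` with `unaffected_versions: - ''`, and an empty string does not tell a consumer whether every version is unaffected or the version is simply unknown. The next hunk removes the entry that listed `AlarmInsight KPI Dashboards 1.0.0` under `affected_versions` for this product, so the record flips from affected to unaffected with no version and no note explaining why. If the ABB advisory supports it, `- 'All'` (the form used for the Acunetix entries later in this series) states the claim explicitly, and the formerly affected component belongs in `notes`. The same empty-string placeholder is added at `@@ -100,10 +43,40`, `@@ -159,10 +132,42`, throughout the Accruent hunk at `@@ -280,6 +280,576` and, under `affected_versions`, at `@@ -1552,8 +1552,9`.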
@@ -28,65 +29,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=9ADB012621&LanguageCode=en&DocumentPartId=&Action=Launch - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ABB - product: ABB Remote Service - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - ABB Remote Platform (RAP) - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: [] - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ABB - product: AlarmInsight Cloud - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: - - AlarmInsight KPI Dashboards 1.0.0 - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: [] + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' 
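Review bot: The `vendor_links` URL added here ends in an `x-sign=` query parameter, which looks like a per-download signature rather than part of a stable address, so the link may stop resolving if that signature is rotated or expires. It also pins the `RevE` revision of the notification, so readers following it later would not be led to a newer revision. The removed `search.abb.com` link addressed the same document by `DocumentID=9ADB012621`; keeping that form, or the `library.e.abb.com` path without the query string if it resolves, would be more durable. The same URL is added again at `@@ -100,10 +43,40` and `@@ -116,13 +89,13`.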
@@ -100,10 +43,40 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - See Vendor Advisory + investigated: true + affected_versions: [] fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ABB + product: Remote Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -116,13 +89,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Abbott - product: '' + product: All cves: cve-2021-4104: investigated: false 
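Review bot: The ABB `Remote Service` entry added at `@@ -100,10 +43,40` carries `last_updated: '2022-01-12T07:18:50+00:00'`, about a month before the 10 Feb 2022 date in the patch header, so the timestamp appears to be copied from neighbouring entries rather than set when the data was written. Anyone filtering the database by `last_updated` to find new or changed vendor statements would miss these records. Setting the field to the time of the edit, or to the advisory's publication date if that is what the field means in this project, keeps it usable. The same copied value is on the new entries in the Accruent (`@@ -280,6 +280,576`), Acronis (`@@ -888,10 +888,284`), Acunetix (`@@ -1211,8 +1211,218`) and Adeptia Suite (`@@ -1503,7 +1506,39`) hunks.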
@@ -146,12 +119,12 @@ software: unaffected_versions: [] vendor_links: - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html - notes: '' + notes: Details are shared with customers with an active RAP subscription. references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Abnormal Security - product: Abnormal Security + - vendor: Abbott + product: GLP Track System cves: cve-2021-4104: investigated: false @@ -159,10 +132,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - 'Track Sample Manager (TSM)' + - 'Track Workflow Manager (TWM)' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html + notes: Abbott will provide a fix for this in a future update expected in January 2022. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Abnormal Security + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -179,8 +184,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Accellence - product: '' + - vendor: Accellence Technologies + product: EBÜS cves: cve-2021-4104: investigated: false @@ -188,9 +193,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45046: investigated: false 
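Review bot: At `@@ -146,12 +119,12` the note `Details are shared with customers with an active RAP subscription.` is added to the entry whose `vendor_links` points at abbott.com, but RAP is the ABB Remote Platform named in the ABB Remote Service entry that `@@ -28,65 +29,7` removes. It looks as if the text landed on the wrong vendor; it should probably move to the ABB `Remote Service` entry added at `@@ -100,10 +43,40`, with the Abbott entry returning to `notes: ''`. As written, the Abbott record sends readers looking for a subscription that appears to belong to a different vendor.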
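Review bot: The Abbott GLP Track System entry added at `@@ -159,10 +132,42` says a fix is `expected in January 2022`, yet the patch is dated 10 Feb 2022 and the entry's `last_updated` is `'2021-12-15T00:00:00'`, so the record is already stale on the day it is added. A reader deciding whether TSM and TWM still need compensating controls cannot tell from this whether the fix shipped. Either re-check the Abbott page and move the components to `fixed_versions` with the release that fixed them, or keep them affected and say in `notes` when the statement was last verified. The `last_updated` value also lacks the `+00:00` offset used by the other entries in the file.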
@@ -203,7 +209,38 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.accellence.de/en/articles/national-vulnerability-database-62 + - https://www.accellence.de/en/articles/cve-2021-44228-62 + notes: EBÜS itself is not vulnerable to CVE-2021-44228. Although + it includes several 3rd-partie software setups, which may be affected. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accellence Technologies + product: Vimacc + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accellence.de/en/articles/cve-2021-44228-62 notes: '' references: - '' @@ -220,7 +257,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - v7.6 release + - 'v7.6 release' unaffected_versions: [] cve-2021-45046: investigated: false 
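Review bot: The EBÜS note added at `@@ -203,7 +209,38` says the product `itself is not vulnerable to CVE-2021-44228`, while the preceding hunk (`@@ -188,9 +193,10`) records it under `fixed_versions: - 'All'`, which reads as vulnerable and then patched. If the vendor statement is that EBÜS was never vulnerable, `unaffected_versions: - 'All'` matches the note; the bundled third-party setups that `may be affected` are the part an operator has to act on and would be better named in `notes` or given their own entries. The note is also an unquoted plain scalar continued on a second line; `notes: >-` with the text indented beneath it, or a single quoted string, avoids a re-parse if the text later gains a `: ` or ` #`.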
@@ -234,12 +271,12 @@ software: unaffected_versions: [] vendor_links: - https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/ - notes: '"As a precaution, Kiteworks released a 7.6.1 Hotfix software update to + notes: As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems - as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true” - to disable the possible attack vector on both CentOS 6 and CentOS 7."' + as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true" + to disable the possible attack vector on both CentOS 6 and CentOS 7. references: - '' last_updated: '2021-12-16T00:00:00' From 36760a6624f035fb4360cfa1a17a8e04afc29843 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 10 Feb 2022 13:29:02 -0500 Subject: [PATCH 02/20] Fix whitespace --- data/cisagov_A.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 7ef12db..f3e88f4 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -211,7 +211,7 @@ software: vendor_links: - https://www.accellence.de/en/articles/cve-2021-44228-62 notes: EBÜS itself is not vulnerable to CVE-2021-44228. Although - it includes several 3rd-partie software setups, which may be affected. + it includes several 3rd-party software setups, which may be affected. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -281,7 +281,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Acquia - product: '' + product: All cves: cve-2021-4104: investigated: false 
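Review bot: At `@@ -234,12 +271,12`, removing the outer `'"…"'` wrapper drops the signal that this note is a verbatim vendor quotation, and the edit leaves the inner quotation unbalanced: it opens with a curly `“` before `$SOLR_OPTS` and now closes with a straight `"`. Use one quote style around the option string, and keep an attribution such as `Vendor statement:` at the start of the note if the quotation marks go. Since this entry still has `cve-2021-45046` at `investigated: false`, it is worth adding that Apache later described `log4j2.formatMsgNoLookups=true` as an insufficient mitigation, so the flag in the quote should not be read as the final remediation.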
@@ -310,7 +310,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acronis - product: '' + product: All cves: cve-2021-4104: investigated: false From 30ae9d04d89b52a802e1ed13d6901cafda84dcc0 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 10 Feb 2022 13:44:58 -0500 Subject: [PATCH 03/20] Add Accruent products --- data/cisagov_A.yml | 570 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 570 insertions(+) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index f3e88f4..98572ef 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml 
@@ -280,6 +280,576 @@ software: references: - '' last_updated: '2021-12-16T00:00:00' + - vendor: Accruent + product: Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Asset Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: BigCenter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: 
Accruent + product: EMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Evoco + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Expesite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Famis 360 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + 
fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Lucernex + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Maintenance Connection + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Meridian + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + 
affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Single Sign On (SSO, Central Auth) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: SiteFM3 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: SiteFM4 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + 
cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Siterra + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: TMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: VxField + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + 
cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: VxMaintain + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: VxObserve + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: VxSustain + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: 
[] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acquia product: All cves: From 17c5b91dd0e914773d38639b3e161fa2cd9964a6 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 07:47:37 -0500 Subject: [PATCH 04/20] Add Acronis products --- data/cisagov_A.yml | 278 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 276 insertions(+), 2 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 98572ef..95841a1 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -880,7 +880,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acronis - product: All + product: Backup cves: cve-2021-4104: investigated: false 
@@ -888,10 +888,284 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '11.7' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Cyber Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '12.5' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Cyber Files + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '8.6.2 onwards' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Cyber Infrastructure + cves: + cve-2021-4104: + investigated: false + 
affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '3.5' + - '4.x' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Cyber Protect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '15' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Cyber Protection Home Office + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '2017 onwards' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: DeviceLock DLP + cves: + cve-2021-4104: + investigated: 
false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '9.0' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Files Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '10.7 onwards' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: MassTransit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '8.1' + - '8.2' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Snap Deploy + cves: + cve-2021-4104: + investigated: false + 
affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '5' + - '6' cve-2021-45046: investigated: false affected_versions: [] @@ -909,7 +1183,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ActiveState - product: '' + product: All cves: cve-2021-4104: investigated: false From 7ec3d0870c12892a5f24a554e5329f495417c314 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 07:53:48 -0500 Subject: [PATCH 05/20] Add Acunetix products --- data/cisagov_A.yml | 218 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 214 insertions(+), 4 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 95841a1..ec95b3e 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml 
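Review bot: Several `unaffected_versions` values added for Acronis at `@@ -888,10 +888,284` are free-text ranges (`'8.6.2 onwards'`, `'10.7 onwards'`, `'2017 onwards'`, `'4.x'`) next to exact versions such as `'11.7'` and `'12.5'`, so a script matching an installed version against this list cannot evaluate them. A reader also cannot tell whether releases outside the listed ones are affected or simply unassessed. Pick one convention for ranges across the file and state in `notes` what the linked advisory says about versions that are not listed.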
@@ -1211,8 +1211,218 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: '360' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: Agents + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: Application + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + 
affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - ASP.NET + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST-Java + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: AcuSensor IAST module needs attention. 
+ references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - NodeJS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - PHP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adaptec - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1241,7 +1451,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Addigy - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1270,7 +1480,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adeptia - product: '' + product: All cves: cve-2021-4104: investigated: false 
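Review bot: In the Acunetix hunk at `@@ -1211,8 +1211,218`, `IAST-Java` is the only entry placed under `fixed_versions: - 'All'`, and its note `AcuSensor IAST module needs attention.` does not say what the operator has to do or which release contains the fix. `All` under `fixed_versions` implies every release is already patched, which sits badly with a component that needs attention; name the fixed AcuSensor release from the linked Acunetix post, or list the component under `affected_versions` until one exists. The product name is also spelled `IAST-Java` while its siblings use `IAST - ASP.NET`, `IAST - NodeJS` and `IAST - PHP`, which will split the group when the list is sorted or searched.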
@@ -1293,7 +1503,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- + - A notes: '' references: - '' From 814805d972088ad8ee55d52d78a73cc12940435d Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 07:57:17 -0500 Subject: [PATCH 06/20] Add Adeptia products --- data/cisagov_A.yml | 43 +++++++++++++++++++++++++++++++++++++++---- 1 file changed, 39 insertions(+), 4 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index ec95b3e..2f3cb23 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -1480,7 +1480,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adeptia - product: All + product: Connect cves: cve-2021-4104: investigated: false @@ -1488,9 +1488,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '3.3' + - '3.4' + - '3.5' unaffected_versions: [] cve-2021-45046: investigated: false 
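Review bot: The Adeptia `vendor_links` entry in the first hunk on this line is replaced by the bare scalar `A`, which is not a URL, so the record loses its only pointer to the vendor advisory and a reader has nothing to verify the status against. The line should stay `- https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation-`. The next patch in the series (06/20) restores the URL, but this commit on its own leaves the entry broken and would fail any check that validates `vendor_links` as URLs, if the repository has one.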
@@ -1503,7 +1506,39 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - A + - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adeptia + product: Suite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.9.9' + - '6.9.10' + - '6.9.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- notes: '' references: - '' From f7b7f2242a507f21bc483d7ab8dd0cc8fdad5edd Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 08:04:56 -0500 Subject: [PATCH 07/20] Add Adobe products --- data/cisagov_A.yml | 253 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 247 insertions(+), 6 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 2f3cb23..96cbdb8 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -1543,8 +1543,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Adobe ColdFusion - product: '' + - vendor: Adobe + product: Automated Forms Conversion Service cves: cve-2021-4104: investigated: false @@ -1552,8 +1552,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
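Review bot: In the `@@ -1552,8 +1552,9 @@` hunk, the `cve-2021-44228` block of the new Adobe `Automated Forms Conversion Service` entry sets `affected_versions` to a single empty string (`- ''`), so the record says investigated and affected without naming any version. Other entries in this series write `- 'All'` when every version is meant, and the Amazon hunks in patch 11 replace `- All` and `- Unknown` with `- ''`, which collapses two different meanings into one value. If `''` is the schema's marker for "version not specified", a comment near the top of the file saying so would remove the ambiguity; otherwise the list should state the range explicitly.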
@@ -1567,13 +1568,253 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: ColdFusion + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.3 Forms on JEE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All versions from 6.3 GA to 6.3.3' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.4 Forms Designer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + 
affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.4 Forms on JEE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All versions from 6.4 GA to 6.4.8' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.5 Forms Designer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.5 Forms on JEE + 
cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All versions from 6.5 GA to 6.5.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager Forms on OSGi + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager Forms Workbench + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - 
https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ADP - product: '' + product: All cves: cve-2021-4104: investigated: false From 45522dc99de11d2ab5808525c40a252d1c7e8c3a Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 08:12:33 -0500 Subject: [PATCH 08/20] Add Ahsay & AIL, var. updates --- data/cisagov_A.yml | 183 ++++++++++++++++++++++++++++++++++----------- 1 file changed, 139 insertions(+), 44 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 96cbdb8..b40044e 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -1881,10 +1881,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1911,10 +1912,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1941,10 +1943,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1971,10 +1974,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] 
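Review bot: The new `Adobe` / `ColdFusion` entry added by the `@@ -1567,13 +1568,253 @@` hunk points `vendor_links` at the AEM Forms article, and the ColdFusion-specific advisory URL removed at the top of that hunk is not carried over to any entry. The ColdFusion record should keep `- https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html`, since the AEM Forms page presumably covers Experience Manager Forms only. The same entry records `fixed_versions: - ''`, so the ColdFusion advisory is also the only place a reader could find which update carries the fix.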
@@ -1992,35 +1996,6 @@ software: references: - '' last_updated: '2021-12-14T00:00:00' - - vendor: AFAS Software - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://help.afas.nl/vraagantwoord/NL/SE/120439.htm - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC product: AFHCANcart cves: @@ -2034,7 +2009,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '8.0.7 - 8.4.3' cve-2021-45046: investigated: false affected_versions: [] @@ -2064,7 +2039,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '8.0.7 - 8.4.3' cve-2021-45046: investigated: false affected_versions: [] @@ -2094,7 +2069,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '8.0.7 - 8.4.3' cve-2021-45046: investigated: false affected_versions: [] @@ -2124,7 +2099,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '8.0.7 - 8.4.3' cve-2021-45046: investigated: false affected_versions: [] @@ -2154,7 +2129,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '8.0.7 - 8.4.3' cve-2021-45046: investigated: false affected_versions: [] @@ -2184,7 +2159,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '8.0.7 - 8.4.3' cve-2021-45046: investigated: false affected_versions: [] 
@@ -2202,7 +2177,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Agilysys - product: '' + product: All cves: cve-2021-4104: investigated: false 
@@ -2230,6 +2205,126 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: Mobile + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '1.6+' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: Other products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'version 8.5.4.86 (and above)' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: PRD + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '2.0' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - 
https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AIL + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/ail_project/status/1470373644279119875 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Akamai product: SIEM Splunk Connector cves: From c3b65ac84e911607bfba3f97a6ae7717d76403c7 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 08:34:52 -0500 Subject: [PATCH 09/20] Add Akamai products --- data/cisagov_A.yml | 99 ++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 82 insertions(+), 17 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index b40044e..44d521a 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -2326,7 +2326,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Akamai - product: SIEM Splunk Connector + product: Enterprise Application Access (EAA) Connector cves: cve-2021-4104: investigated: false 
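Review bot: The Ahsay `Other products` entry records `unaffected_versions: - 'version 8.5.4.86 (and above)'` while `affected_versions` stays `[]`, so someone running an older build finds no affected record at all. If the vendor advisory says builds below 8.5.4.86 are affected, that belongs in `affected_versions` (for example `- '< 8.5.4.86'`), or at least in `notes`. The three Ahsay entries also use three different formats for a version expression (`'1.6+'`, `'version 8.5.4.86 (and above)'`, `'2.0'`), which makes the field hard to compare mechanically.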
@@ -2335,9 +2335,39 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Akamai + product: SIEM Integration Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '<1.7.4' unaffected_versions: [] cve-2021-45046: investigated: false 
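Review bot: `fixed_versions: - '<1.7.4'` on the Akamai `SIEM Integration Connector` entry reads as "releases below 1.7.4 are the fixed ones", which is the opposite of what a comparator under this key should convey. The same pattern appears in the next hunk (`- '< 1.4.10'` for `SIEM Splunk Connector`) and in the AWS CloudHSM hunk of patch 11, where `< 3.4.1.` moves from `affected_versions` to `fixed_versions` although the note added there says 3.4.1 or higher is not vulnerable. For CloudHSM the fields should read `affected_versions: - '< 3.4.1'` and `fixed_versions: - '3.4.1'`. The Akamai entries want the same split if 1.7.4 and 1.4.10 are in fact the first fixed releases.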
@@ -2350,13 +2380,45 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://splunkbase.splunk.com/app/4310/ - notes: v1.4.11 is the new recommendation for mitigation of log4j vulnerabilities + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: Akamai SIEM Integration Connector is vulnerable to CVE-2021-44228, + CVE-2021-45046 and CVE-2021-45105. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Akamai + product: SIEM Splunk Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '< 1.4.10' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: Akamai SIEM Integration Connector for Splunk is not vulnerable to CVE-2021-44228. + Although it includes the vulnerable Log4J component, it is not used by the connector. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Alcatel - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -2385,7 +2447,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Alertus - product: '' + product: Console cves: cve-2021-4104: investigated: false @@ -2393,9 +2455,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '5.15.0' unaffected_versions: [] cve-2021-45046: investigated: false 
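Review bot: Both Akamai entries touched by the `@@ -2350,13 +2380,45 @@` hunk carry notes that disagree with their structured fields. The `SIEM Integration Connector` note says the product is vulnerable to CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105, yet its `cve-2021-45046` block (context at the end of the previous hunk) stays `investigated: false`; the new `SIEM Splunk Connector` note says it is not vulnerable to CVE-2021-44228 while `fixed_versions` lists `- '< 1.4.10'`. The hunk also drops the earlier note `v1.4.11 is the new recommendation for mitigation of log4j vulnerabilities` without a replacement that names a target release. Either the notes or the fields need correcting so that a tool reading only the fields reaches the same conclusion as a person reading the notes.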
@@ -2414,7 +2477,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Alexion - product: '' + product: Alexion CRM cves: cve-2021-4104: investigated: false @@ -2422,10 +2485,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -2443,7 +2507,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Alfresco - product: '' + product: Alfresco cves: cve-2021-4104: investigated: false @@ -2451,10 +2515,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -2472,7 +2537,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AlienVault - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -2524,7 +2589,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.alphatronmedical.com/home.html + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html notes: '' references: - '' From 187211e4fe1703fa6924b2ac27fee580e49bf4b6 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 08:38:44 -0500 Subject: [PATCH 10/20] Add Alphatron Medical products --- data/cisagov_A.yml | 94 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 93 insertions(+), 1 deletion(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 44d521a..debfcef 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml 
@@ -2566,7 +2566,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Alphatron Medical - product: '' + product: AmiSconnect cves: cve-2021-4104: investigated: false 
@@ -2574,10 +2574,102 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: Custo Diagnostics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '5.4' + - '5.6' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: JiveX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: 
Zorgbericht + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 3c44eb98cf3dd0bbaa272c0f6566185d2519e901 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 10:22:54 -0500 Subject: [PATCH 11/20] Add/update Amazon products --- data/cisagov_A.yml | 2025 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 1961 insertions(+), 64 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index debfcef..01fd074 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -2687,7 +2687,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: Athena + product: AMS cves: cve-2021-4104: investigated: false 
@@ -2695,10 +2695,43 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Work in progress, portion of customers may still be vulnerable. + Actively monitoring this issue, and are working on addressing it for + any AMS services which use Log4j2. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: API Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
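Review bot: The new Amazon `AMS` entry marks `cve-2021-44228` as fixed (`fixed_versions: - ''`) while its own note says `Work in progress, portion of customers may still be vulnerable`. A consumer that reads only the structured fields will treat AMS as remediated. Until the vendor reports completion, the empty-string entry fits better under `affected_versions`, with the note kept as is. The `AWS ECS` and `AWS EKS` entries further down this patch have a similar gap: they are listed under `fixed_versions`, but their note describes a hot-patch that requires customer opt-in.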
@@ -2714,7 +2747,67 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: Athena + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: Athena JDBC Driver + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: All versions vended to customers were not affected. + references: + - '' + last_updated: '2021-12-20T00:00:00' - vendor: Amazon product: AWS cves: 
@@ -2741,15 +2834,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: [] - notes: 'Notes: Amazon Linux 1 had aws apitools which were Java based but these + notes: Amazon Linux 1 had aws apitools which were Java based but these were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 - and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2' + and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Amazon - product: AWS API Gateway + product: AWS AppFlow cves: cve-2021-4104: investigated: false 
@@ -2760,7 +2853,97 @@ software: investigated: true affected_versions: [] fixed_versions: - - All + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS AppSync + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. 
+ references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS Certificate Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS Certificate Manager Private CA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2788,9 +2971,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 3.4.1. - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '< 3.4.1' unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -2804,7 +2987,67 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ - notes: '' + notes: CloudHSM JCE SDK 3.4.1 or higher is not vulnerable. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS CodeBuild + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS CodePipeline + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -2820,7 +3063,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - All + - '' unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -2836,7 +3079,37 @@ software: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Vendors recommend evaluating components of the environment outside of the Amazon Connect service boundary, which may require separate/additional customer - mitigation + mitigation. + references: + - '' + last_updated: '2021-12-23T00:00:00' + - vendor: Amazon + product: AWS Directory Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' references: - '' last_updated: '2021-12-23T00:00:00' @@ -2852,7 +3125,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2871,7 +3144,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Amazon - product: AWS EKS, ECS, Fargate + product: AWS ECS cves: cve-2021-4104: investigated: false @@ -2880,9 +3153,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -2896,16 +3169,82 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: To help mitigate the impact of the open-source Apache “Log4j2" utility + notes: To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers’ containers. These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes - users on AWS, and will be in supported AWS Fargate platform versions + users on AWS, and will be in supported AWS Fargate platform versions. references: - '' last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS EKS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: To help mitigate the impact of the open-source Apache Log4j2 utility + (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, + Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). + This hot-patch will require customer opt-in to use, and disables JNDI lookups + from the Log4J2 library in customers’ containers. 
These updates are available + as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes + users on AWS, and will be in supported AWS Fargate platform versions. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Elastic Beanstalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Default configuration of applications usage of Log4j versions is not vulnerable. + references: + - '' + last_updated: '2021-12-17T00:00:00' - vendor: Amazon product: AWS ElastiCache cves: @@ -2918,7 +3257,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2948,7 +3287,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false 
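Review bot: The new AWS EKS record lists CVE-2021-44228 under `fixed_versions` while its note says the hot-patch "will require customer opt-in to use", so the structured status gives no sign that customer action is needed; the AWS ECS record reshaped in the `@@ -2871,7` and `@@ -2880,9` hunks carries the same note and the same status. The note is also the text of the former combined "AWS EKS, ECS, Fargate" record, so each split record now describes all three services. A per-service note would read more clearly, e.g. for EKS `notes: Opt-in hot-patch that disables JNDI lookups is available as a DaemonSet; it requires customer opt-in.`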
@@ -2966,6 +3305,99 @@ software: references: - '' last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Fargate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Opt-in hot-patch to mitigate the Log4j issue in JVM layer will be available as platform versions. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Has been updated. Vulnerable only if ETL jobs load affected versions of Apache Log4j. 
+ references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Greengrass + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updates for all Greengrass V2 components Stream Manager (2.0.14) + and Secure Tunneling (1.0.6) are available. For Greengrass versions 1.10.x + and 1.11.x, an update for the Stream Manager feature is included in Greengrass + patch versions 1.10.5 and 1.11.5. + references: + - '' + last_updated: '2021-12-16T00:00:00' - vendor: Amazon product: AWS Inspector cves: @@ -2978,7 +3410,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2997,7 +3429,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Amazon - product: AWS Kinesis Data Stream + product: AWS IoT SiteWise Edge cves: cve-2021-4104: investigated: false 
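Review bot: The AWS Greengrass record names its fixed releases only in `notes` (Stream Manager 2.0.14, Secure Tunneling 1.0.6, Greengrass 1.10.5 and 1.11.5) and leaves `fixed_versions` as a single `''`. Anyone matching an inventory against the structured fields cannot tell which releases to upgrade to. Suggest carrying the versions from the note into `fixed_versions`, as below; the AWS IoT SiteWise Edge record in the `@@ -3006,10 +3438,41 @@` hunk could list OPC-UA collector v2.0.3, Data processing pack v2.0.14 and Publisher v2.0.2 the same way.

```yaml
    # … unchanged: vendor, product: AWS Greengrass, cve-2021-4104 block …
      cve-2021-44228:
        investigated: true
        affected_versions: []
        fixed_versions:
          - Stream Manager 2.0.14
          - Secure Tunneling 1.0.6
          - Greengrass 1.10.5
          - Greengrass 1.11.5
        unaffected_versions: []
    # … unchanged: remaining CVE blocks, vendor_links, notes, references …
```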
@@ -3006,10 +3438,41 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updates for all AWS IoT SiteWise Edge components that use Log4j were made available; + OPC-UA collector (v2.0.3), Data processing pack (v2.0.14), and Publisher (v2.0.2). + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS Kinesis Data Streams + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3026,12 +3489,12 @@ software: The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library (KPL) are not impacted. For customers using KCL 1.x, we have released an updated version and we strongly recommend that all KCL version 1.x customers upgrade - to KCL version 1.14.5 (or higher) + to KCL version 1.14.5 (or higher). KCL 2.x, KCL 1.14.5 or higher, and KPL are not vulnerable. references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Amazon - product: AWS Lambda + product: AWS KMS cves: cve-2021-4104: investigated: false @@ -3040,9 +3503,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false 
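Review bot: The `product: AWS Lambda` → `product: AWS KMS` edit at the end of the `@@ -3026,12 +3489,12 @@` hunk relabels an existing record, and the `@@ -3040,9 +3503,9 @@` hunk then moves that record's CVE-2021-44228 status from `affected_versions` to `fixed_versions`. The rest of the record (remaining CVE blocks, `vendor_links`, `notes`, `last_updated`) sits in old lines 3049–3069, which no hunk touches, so the KMS record keeps whatever was written for Lambda. Worth checking that tail against the KMS part of the bulletin before merging, and adjusting `notes` if it still speaks about Lambda. The `KMS` → `Fraud Detector` relabel in the `@@ -3331,7` hunk deserves the same check.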
@@ -3070,10 +3533,70 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Vulnerable when using aws-lambda-java-log4j2. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS Polly + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS QuickSight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3102,7 +3625,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false 
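Review bot: The first record in the `@@ -3070,10 +3533,70 @@` hunk gets `notes: Vulnerable when using aws-lambda-java-log4j2.` in the same change that empties `affected_versions` and sets `fixed_versions` to `- ''`, so the free text and the structured status disagree. Its `product` line is above the hunk, so the service cannot be confirmed from here, though the note points to AWS Lambda. If functions that bundle that library stay exposed until the customer updates it, say so in the structured data too, e.g. keep `affected_versions:` with `- aws-lambda-java-log4j2`; otherwise reword the note so it does not read as a current finding.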
@@ -3117,7 +3640,7 @@ software: vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified - in CVE-2021-44228 + in CVE-2021-44228. references: - '' last_updated: '2021-12-17T00:00:00' @@ -3133,7 +3656,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -3151,6 +3674,96 @@ software: references: - '' last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS SDK + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS Secrets Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS Service Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + 
references: + - '' + last_updated: '2021-12-20T00:00:00' - vendor: Amazon product: AWS SNS cves: @@ -3163,7 +3776,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3179,7 +3792,7 @@ software: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Amazon SNS systems that serve customer traffic are patched against the Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate - separately from SNS’s systems that serve customer traffic + separately from SNS’s systems that serve customer traffic. references: - '' last_updated: '2021-12-14T00:00:00' @@ -3195,7 +3808,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -3213,6 +3826,157 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Systems Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Systems Manager Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Textract + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + 
notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: Chime + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon Chime and Chime SDK services have been updated to mitigate + the issues identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Cloud Directory + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: CloudFront cves: @@ -3222,9 +3986,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -3251,10 +4016,102 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Cognito + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Corretto + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: 10/19 release distribution does not include Log4j. Vulnerable only + if customers applications use affected versions of Apache Log4j. 
+ references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: DocumentDB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3282,9 +4139,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Amazon Linux 1 & 2 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3297,12 +4154,12 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + notes: Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux 2022 is affected. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Amazon - product: ELB + product: ECR Public cves: cve-2021-4104: investigated: false 
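Review bot: The structured status of the record edited in the `@@ -3282,9 +4139,9 @@` hunk now contradicts its own note: that hunk deletes `- Amazon Linux 1 & 2` from `unaffected_versions` and sets `fixed_versions` to `- ''`, while the `@@ -3297,12` hunk's note says the Amazon Linux 1 and 2 packages are not affected and the Amazon Linux 2022 package is affected. `affected_versions` stays `[]`, so a consumer filtering on affected entries will not see Amazon Linux 2022. Suggest keeping `- Amazon Linux 1 & 2` under `unaffected_versions` and adding `- Amazon Linux 2022` under `affected_versions` (or under `fixed_versions` if the bulletin says that package has been updated). The record's `product` line is above the hunk.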
@@ -3310,10 +4167,104 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon-owned images published under a Verified Account on Amazon + ECR Public are not affected by the Log4j issue. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: Elastic Load Balancing + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Services have been updated. All Elastic Load Balancers, as well as Classic, + Application, Network and Gateway, are not affected by this Log4j issue. 
+ references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: EMR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Many customers are estimated to be vulnerable. Vulnerable only + if affected EMR releases are used and untrusted sources are configured to be processed. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: EventBridge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3331,7 +4282,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: KMS + product: Fraud Detector cves: cve-2021-4104: investigated: false @@ -3339,9 +4290,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false 
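Review bot: The records added in the `@@ -3310,10 +4167,104 @@` hunk all file CVE-2021-44228 under `fixed_versions`, but their notes describe different states: ECR Public's note says Amazon-owned images are not affected, while EMR's note says "Many customers are estimated to be vulnerable". With `affected_versions: []` on EMR, a filter on affected products will skip a service whose note says customers are exposed. Suggest `unaffected_versions:` with `- ''` for ECR Public and `affected_versions:` with `- ''` for EMR, unless the bulletin says otherwise. The ECR Public record begins in the previous hunk; the Kafka (MSK) and Lake Formation notes in the `@@ -3359,6 +4311,610 @@` hunk ("portion of customers may still be vulnerable") raise the same question.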
@@ -3359,6 +4311,610 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Inspector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Inspector Classic + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kafka (MSK) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + 
notes: Applying updates as required, portion of customers may still be vulnerable. + Some MSK-specific service components use Log4j > 2.0.0 library and are being patched where needed. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kendra + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Keyspaces (for Apache Cassandra) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kinesis + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: 
false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kinesis Data Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Lake Formation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Update in progress, portion of customers may still be vulnerable. + AWS Lake Formation service hosts are being updated to the latest version of Log4j. 
+ references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Lex + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Linux (AL1) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: By default not vulnerable. Opt-in hot-patch to mitigate the Log4j in JVM layer issue is available. 
+ references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Linux (AL2) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: By default not vulnerable, and a new version of Amazon Kinesis Agent + which is part of AL2 addresses the Log4j issue. Opt-in hot-patch to mitigate + the Log4j issue in JVM layer is available. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Lookout for Equipment + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Macie + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false 
+ affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Macie Classic + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Managed Workflows for Apache Airflow (MWAA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: MemoryDB for Redis + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + 
investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Monitron + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: MQ + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Neptune + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: 
[] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: NICE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Recommended to update EnginFrame or Log4j library. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: OpenSearch cves: @@ -3369,9 +4925,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 'R20211203-P2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3385,12 +4941,12 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ - notes: '' + notes: Update released, customers need to update their clusters to the fixed release. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: RDS + product: Pinpoint cves: cve-2021-4104: investigated: false 
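Review bot: `last_updated` is left at `'2022-01-12T07:18:50+00:00'` for the OpenSearch entry, although these two hunks move it from affected `Unknown` to fixed `'R20211203-P2'` and rewrite its notes. The patch headers further down date this series to February 2022, so anyone who syncs the database by timestamp would presumably miss the status change; the field should be set to the date of the edit. The new Amazon entries added in the surrounding hunks reuse the same January timestamp and need the same treatment, unless the project refreshes the field automatically.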
@@ -3398,10 +4954,131 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: RDS Aurora + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: RDS for Oracle + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Redshift + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + 
fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Rekognition + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3427,9 +5104,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3448,7 +5126,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: S3 + product: SageMaker cves: cve-2021-4104: investigated: false 
@@ -3456,10 +5134,194 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Completed patching for the Apache Log4j2 issue (CVE-2021-44228). + Vulnerable only if customers applications use affected versions of Apache Log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Simple Notification Service (SNS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Systems that serve customer traffic are patched against the Log4j2 issue. + Working to apply the patch to sub-systems that operate separately from SNSs + systems that serve customer traffic. 
+ references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Simple Queue Service (SQS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Simple Workflow Service (SWF) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Single Sign-On + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + 
notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Step Functions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Timestream + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3485,10 +5347,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3514,9 +5377,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false 
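Review bot: The Simple Notification Service (SNS) entry is filed under `fixed_versions: - ''` for cve-2021-44228 while its own notes say the patch is still being applied to sub-systems, so the status bucket and the notes disagree. A reader filtering on the structured fields alone would treat SNS as fully remediated; either the status should stay unresolved until the vendor bulletin says patching is complete, or the notes should be brought up to date. The WorkSpaces/AppStream 2.0 entry added in the hunk at +5398 has the same mismatch: its notes call WorkDocs Sync client 1.2.895.1 and older vulnerable, but `affected_versions` is empty, and a line such as `- 'WorkDocs Sync client <= 1.2.895.1'` would carry that into the data. The notes also read `SNSs systems` and `customers applications`, which look like dropped apostrophes.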
@@ -3534,6 +5398,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: WorkSpaces/AppStream 2.0 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Not affected with default configurations. WorkDocs Sync client + versions 1.2.895.1 and older within Windows WorkSpaces, which contain + the Log4j component, are vulnerable; For update instruction, see source for more info. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: AMD product: All cves: @@ -3543,10 +5439,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3565,7 +5462,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Anaconda - product: Anaconda + product: All cves: cve-2021-4104: investigated: false @@ -3577,7 +5474,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 4.10.3 + - '4.10.3' cve-2021-45046: investigated: false affected_versions: [] From cdfc36a230abf150888f6f37ef7b727b32c52103 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 10:37:10 -0500 Subject: [PATCH 12/20] Fix whitespace issue --- data/cisagov_A.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 01fd074..e8c15ba 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -4398,7 +4398,7 @@ software: vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Applying updates as required, portion of customers may still be vulnerable. - Some MSK-specific service components use Log4j > 2.0.0 library and are being patched where needed. + Some MSK-specific service components use Log4j > 2.0.0 library and are being patched where needed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -5456,7 +5456,7 @@ software: unaffected_versions: [] vendor_links: - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 - notes: Currently, no AMD products have been identified as affected. AMD is continuing + notes: Currently, no AMD products have been identified as affected. AMD is continuing its analysis. references: - '' From b75b3e94b347005421c17c208689eee295a5e6d0 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 11:27:10 -0500 Subject: [PATCH 13/20] Add/update Apache products --- data/cisagov_A.yml | 897 +++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 826 insertions(+), 71 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index e8c15ba..45bfed1 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml 
@@ -5491,6 +5491,36 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: AOMEI + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.aomeitech.com/forum/index.php?p=/discussion/7651/aomei-and-log4j + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' - vendor: Apache product: ActiveMQ Artemis cves: @@ -5535,10 +5565,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Airflow is written in Python + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Archiva + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '2.2.6' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -5550,8 +5611,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/apache/airflow/tree/main/airflow - notes: Airflow is written in Python + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 2.2.6. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -5565,11 +5626,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.14.1.3.11.5 - - 3.7.7 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5599,10 +5659,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5658,10 +5719,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5687,8 +5749,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -5717,10 +5780,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5738,7 +5802,7 @@ software: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: CamelKafka Connector + product: Camel Kafka Connector cves: cve-2021-4104: investigated: false 
@@ -5746,10 +5810,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5766,6 +5831,36 @@ software: references: - '' last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Cassandra + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://lists.apache.org/thread/2rngylxw8bjos6xbo1krp29m9wn2hhdr + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' - vendor: Apache product: Druid cves: @@ -5776,9 +5871,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < druid 0.22.0 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '0.22.1' unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -5796,6 +5891,36 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' + - vendor: Apache + product: Dubbo + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/apache/dubbo/issues/9380 + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' - vendor: Apache product: Flink cves: @@ -5808,7 +5933,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 1.14.2 + - 1.15.0 + - 1.14.2 - 1.13.5 - 1.12.7 - 1.11.6 
@@ -5825,14 +5951,314 @@ software: unaffected_versions: [] vendor_links: - https://flink.apache.org/2021/12/10/log4j-cve.html - notes: 'To clarify and avoid confusion: The 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 + notes: To clarify and avoid confusion, the 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped because CVE-2021-45046 was discovered during the release publication. The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade - for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046.' + for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. references: - '[https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html)' last_updated: '2021-12-12T00:00:00' + - vendor: Apache + product: Fortress + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '< 2.0.7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 2.0.7. 
+ references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Geode + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.14.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.12.6, 1.13.5, 1.14.1. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Guacamole + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Hadoop + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: 
'2021-12-14T00:00:00' + - vendor: Apache + product: HBase + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Hive + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '4.x' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: James + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '3.6.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Jena + cves: + cve-2021-4104: + 
investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '< 4.3.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: JMeter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'All' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: JSPWiki + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '2.11.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' - vendor: Apache product: Kafka cves: 
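Review bot: Several `fixed_versions` values in this hunk do not name a fixed release: Fortress has `'< 2.0.7'` and Jena `'< 4.3.1'`, which are ranges describing the vulnerable versions, and Geode lists `'1.14.0'` while its notes say the fix is in 1.12.6, 1.13.5 and 1.14.1. Tooling that compares an installed version against `fixed_versions` would read these the wrong way round, so the entries should carry the release itself, e.g. `- '2.0.7'` for Fortress and `- '1.12.6'`, `- '1.13.5'`, `- '1.14.1'` for Geode; the Jena value has no note to confirm it against and should be checked with the linked advisory. The same kind of mismatch appears in the later hunk at +6320, where Log4j 2.x puts `'2.17.1'` under `affected_versions` although its notes call 2.17.1 the fix, and NiFi is marked unaffected for `'All'` next to notes saying it was fixed in 1.15.1 and 1.16.0.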
@@ -5859,13 +6285,12 @@ software: unaffected_versions: [] vendor_links: - https://kafka.apache.org/cve-list - notes: The current DB lists Apache Kafka as impacted. Apache Kafka uses Log4jv1, - not v2. + notes: Uses Log4j 1.2.17. references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Apache - product: Kafka + product: Log4j 1.x cves: cve-2021-4104: investigated: false @@ -5874,40 +6299,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://logging.apache.org/log4j/2.x/security.html - notes: Only vulnerable in certain configuration(s) - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apache - product: Log4j - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - < 2.15.0 - fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] 
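Review bot: The entry renamed to `Log4j 1.x` keeps `cve-2021-4104` at `investigated: false` with empty version lists, yet CVE-2021-4104 is the one CVE in this schema that concerns Log4j 1.2 (its JMSAppender). With cve-2021-44228 now set to unaffected for `'All'`, the structured data reads as if 1.x had no open finding. That block should be set to `investigated: true` and populated from the vendor's advisory. The Kafka entry above, whose notes now say it uses Log4j 1.2.17, deserves the same check; its cve-2021-4104 block is outside this hunk.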
@@ -5925,7 +6320,97 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apache - product: Solr + product: Log4j 2.x + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '2.17.1' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://logging.apache.org/log4j/2.x/security.html + notes: Fixed in Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6). + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Maven + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: NiFi + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - 
https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.15.1, 1.16.0. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: OFBiz cves: cve-2021-4104: investigated: false 
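Review bot: The added `Log4j 2.x` entry lists `'2.17.1'` under `affected_versions` and leaves `fixed_versions: []`, while its own `notes` say "Fixed in Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6)". A consumer filtering on `affected_versions` would flag the patched release as vulnerable and miss every earlier 2.x build, which the removed `< 2.15.0` line at least covered. The three releases belong under `fixed_versions` as `- '2.17.1'`, `- '2.12.4'`, `- '2.3.2'`, with the vulnerable range restored under `affected_versions`. The NiFi entry in this hunk contradicts itself in a similar way, pairing `unaffected_versions: ['All']` with `notes: Fixed in 1.15.1, 1.16.0.`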
@@ -5936,8 +6421,98 @@ software: investigated: true affected_versions: [] fixed_versions: - - 7.4.0 to 7.7.3 - - 8.0.0 to 8.11.0 + - '< 18.12.03' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Ozone + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '< 1.2.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.15.1, 1.16.0. 
+ references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: SkyWalking + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '< 8.9.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: SOLR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '7.4.0 to 7.7.3' + - '8.0.0 to 8.11.0' unaffected_versions: [] cve-2021-45046: investigated: false 
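Review bot: The OFBiz, Ozone and SkyWalking entries put an upper-bounded range under `fixed_versions` (`'< 18.12.03'`, `'< 1.2.1'`, `'< 8.9.1'`), which reads as "everything below this release is fixed", the opposite of what is presumably meant. The range describes the vulnerable builds and the bound is the fix, e.g. `affected_versions: ['< 18.12.03']` with `fixed_versions: ['18.12.03']`. The same pattern shows up in the Struts 2 hunk (`Versions before 2.5.28.1`), the `-6888` hunk (`'< 9.10'`, `'< 10.6'`) and Aruba IntroSpect (`'Versions 2.5.0.0 to 2.5.0.6'`). Separately, the Ozone `notes: Fixed in 1.15.1, 1.16.0.` looks copied from the NiFi entry and does not match its `'< 1.2.1'` bound.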
@@ -5951,10 +6526,70 @@ software: unaffected_versions: [] vendor_links: - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 - notes: Update to 8.11.1 or apply fixes as described in Solr security advisory + notes: Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several configurations. references: - '[Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html)' last_updated: '2021-12-16T00:00:00' + - vendor: Apache + product: Spark + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Uses log4j 1.x + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Struts + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '2.5.28' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apache product: Struts 2 cves: 
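Review bot: The new `product: Struts` entry sits directly above the existing `product: Struts 2` entry and gives conflicting data for the same software. It lists only `'2.5.28'` as affected and links to the generic Apache blog post, whereas the existing entry covers all versions before 2.5.28.1 and links to the Struts announcement. Two records for one product make lookups by vendor and product ambiguous. Drop the added entry, or merge anything new from it into `Struts 2`.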
@@ -5964,10 +6599,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: + investigated: true + affected_versions: [] + fixed_versions: - Versions before 2.5.28.1 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false 
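Review bot: The Struts 2 `cve-2021-45046` block in this hunk's trailing context stays at `investigated: false`, although the entry's `notes` (next hunk) say 2.5.28.1 "addresses Log4j vulnerability CVE-2021-45046". Since the commit already flips `cve-2021-44228` to `investigated: true`, the 45046 block should be updated in the same change, e.g. `investigated: true` with `fixed_versions: ['2.5.28.1']`. Only the first line of that block is inside the hunk, so confirm that its lists are still empty.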
@@ -5982,12 +6617,72 @@ software: vendor_links: - https://struts.apache.org/announce-2021 notes: The Apache Struts group is pleased to announce that Struts 2.5.28.1 is - available as a “General Availability” release. The GA designation is our highest + available as a General Availability release. The GA designation is our highest quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by using the latest Log4j 2.12.2 version (Java 1.7 compatible). references: - '[Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga)' last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: Tapestry + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '5.7.3' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Tika + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '2.0.0 and up' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apache product: Tomcat cves: 
@@ -5998,10 +6693,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - 9.0.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] 
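Review bot: The Tomcat entry now has `unaffected_versions: ['']` while `investigated` is still `false`, so the record claims a result for an uninvestigated CVE and names no version. The entry's notes state that Tomcat 9.0.x has no Log4j dependency, which supports `investigated: true` and `- '9.0.x'`. The empty-string placeholder is also used in later hunks: TrafficControl has it under `affected_versions`, and ZooKeeper, the `-7096` hunk and the Aruba Networks entries have it under `unaffected_versions`. Other entries in this series use `'All'`, so one convention should be chosen, because a bare `''` is indistinguishable from missing data.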
@@ -6017,15 +6712,75 @@ software: notes: Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications deployed on Apache Tomcat may have a dependency on log4j. You should seek support from the application vendor in this instance. It is possible to configure Apache - Tomcat 9.0.x to use log4j 2.x for Tomcat's internal logging. This requires explicit + Tomcat 9.0.x to use log4j 2.x for Tomcats internal logging. This requires explicit configuration and the addition of the log4j 2.x library. Anyone who has switched - Tomcat's internal logging to log4j 2.x is likely to need to address this vulnerability. + Tomcats internal logging to log4j 2.x is likely to need to address this vulnerability. In most cases, disabling the problematic feature will be the simplest solution. Exactly how to do that depends on the exact version of log4j 2.x being used. Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: TrafficControl + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: ZooKeeper + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + 
affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: APC by Schneider Electric product: Powerchute Business Edition cves: From e4f9401d3cbb2cb2d82b362e7173a32db1ff598b Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 11:46:40 -0500 Subject: [PATCH 14/20] Update various A products --- data/cisagov_A.yml | 45 ++++++++++++++++++++++++--------------------- 1 file changed, 24 insertions(+), 21 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 45bfed1..dfba695 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -6793,11 +6793,11 @@ software: investigated: true affected_versions: [] fixed_versions: - - v9.5 - - v10.0.1 - - v10.0.2 - - v10.0.3 - - v10.0.4 + - 'v9.5' + - 'v10.0.1' + - 'v10.0.2' + - 'v10.0.3' + - 'v10.0.4' unaffected_versions: [] cve-2021-45046: investigated: false @@ -6830,7 +6830,7 @@ software: - '4.2' - '4.3' - '4.4' - - 4.4.1 + - '4.4.1' unaffected_versions: [] cve-2021-45046: investigated: false @@ -6858,9 +6858,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.3.x & 6.4.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '6.3.x' + - '6.4.x' unaffected_versions: [] cve-2021-45046: investigated: false @@ -6874,7 +6875,7 @@ software: unaffected_versions: [] vendor_links: - https://apereo.github.io/2021/12/11/log4j-vuln/ - notes: '' + notes: Other versions still in active maintainance might need manual inspection. references: - '' last_updated: '2022-01-12T07:18:50+00:00' 
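Review bot: The Tomcat `notes` text loses its apostrophes in this hunk, so `Tomcat's internal logging` becomes `Tomcats internal logging` in both places. An apostrophe inside a word is legal in a plain YAML scalar, so nothing forces the change. Keep `Tomcat's`, or if the value is ever single-quoted, write it as `Tomcat''s`.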
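Review bot: In the Apereo hunk (`-6858`), the branches that were listed as affected (`6.3.x & 6.4.x`) move wholesale to `fixed_versions` as `'6.3.x'` and `'6.4.x'`. That marks every release on those branches as patched, including the builds that prompted the advisory. If the vendor link names the specific patched releases, list those under `fixed_versions` and keep the branch wildcards under `affected_versions`. The note added in the following hunk also has a typo; it should read `Other versions still in active maintenance might need manual inspection.`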
@@ -6888,10 +6889,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 9.10 - - < 10.6 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '< 9.10' + - '< 10.6' unaffected_versions: [] cve-2021-45046: investigated: false @@ -6910,7 +6911,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apigee - product: '' + product: Edge and OPDK products cves: cve-2021-4104: investigated: false @@ -6918,10 +6919,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -6939,7 +6941,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apollo - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -6968,7 +6970,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Appdynamics - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7020,13 +7022,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://community.appeon.com/index.php/qna/q-a/apache-log4j-security-vulnerabilities notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: AppGate - product: '' + product: All cves: cve-2021-4104: investigated: false From 1ea05f0f150f7019c6945bc1619a96ce1d1d5566 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 11:49:49 -0500 Subject: [PATCH 15/20] Fix indentation errors --- data/cisagov_A.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index dfba695..06e0e28 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml 
@@ -6891,8 +6891,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 9.10' - - '< 10.6' + - '< 9.10' + - '< 10.6' unaffected_versions: [] cve-2021-45046: investigated: false From c8fdefcab20994bf58a552eaee845558798dfd60 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 12:44:09 -0500 Subject: [PATCH 16/20] Add Arista products --- data/cisagov_A.yml | 185 ++++++++++++++++++++++++++++++++++----------- 1 file changed, 140 insertions(+), 45 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 06e0e28..e348ea5 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -7096,39 +7096,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - Not Affected - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: [] - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Application Performance Ltd - product: DBMarlin - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7146,7 +7118,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: APPSHEET - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7175,7 +7147,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aptible - product: Aptible + product: All cves: cve-2021-4104: investigated: false 
@@ -7184,9 +7156,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - ElasticSearch 5.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Search 5.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -7205,7 +7177,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aqua Security - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7242,10 +7214,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7292,7 +7265,7 @@ software: - '' last_updated: '2022-01-13T00:00:00' - vendor: Arca Noae - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7561,7 +7534,7 @@ software: - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' last_updated: '2021-12-14T00:00:00' - vendor: ArcticWolf - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7590,7 +7563,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Arduino - product: '' + product: IDE cves: cve-2021-4104: investigated: false 
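Review bot: The Aptible entry's version string changes from `ElasticSearch 5.x` to `Search 5.x` as it moves into `fixed_versions`, which looks like an accidental truncation. `Search 5.x` no longer identifies the component that the removed line named. Restore and quote it as `- 'ElasticSearch 5.x'`. The hunk cannot show whether the move from affected to fixed is itself right; that needs checking against the vendor link.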
@@ -7598,9 +7571,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '1.8.17' unaffected_versions: [] cve-2021-45046: investigated: false @@ -7619,7 +7593,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ariba - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7648,7 +7622,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Arista - product: '' + product: Analytics Node for Converged Cloud Fabric cves: cve-2021-4104: investigated: false 
@@ -7656,10 +7630,71 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - '>7.0.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Cloud Fabric + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: Analytics Node for DANZ Monitoring Fabric + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>7.0.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Monitoring Fabric + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: CloudVision Portal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>2019.1.0' + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
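Review bot: The new Arista entries give affected ranges with a strict greater-than (`'>7.0.0'`, `'>2019.1.0'`), which excludes the named release itself. The next hunk does the same with `'>8.8'` and `'>5.3.0'`. If the linked advisory means "this release and later", the strings should read `'>= 7.0.0'` and so on; otherwise anyone running exactly the boundary version is told they are unaffected. None of these entries records a fixed release, so the ranges are open-ended, and adding the remediated versions from the advisory to `fixed_versions` or `notes` would let consumers tell patched builds from vulnerable ones.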
@@ -7676,6 +7711,66 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: CloudVision Wi-Fi, virtual or physical appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>8.8' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: Embedded Analytics for Converged Cloud Fabric + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>5.3.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Cloud Fabric + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: '' cves: From 0e96602b61062cecbb16b43fce7419b5e80e8a15 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 12:58:04 -0500 Subject: [PATCH 17/20] Add Aruba Networks products --- data/cisagov_A.yml | 729 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 725 insertions(+), 4 deletions(-) 
diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index e348ea5..2a38f3e 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -7772,7 +7772,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks - product: '' + product: AirWave Management Platform cves: cve-2021-4104: investigated: false 
@@ -7780,10 +7780,461 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Analytics and Location Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS Wi-Fi Controllers and Gateways + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS SD-WAN 
Gateways + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS-CX Switches + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS-S Switches + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba 
Networks + product: Central + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Central On-Prem + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ClearPass Policy Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - 
vendor: Aruba Networks + product: EdgeConnect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Fabric Composer (AFC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: HP ProCurve Switches + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: 
'2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Instant + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Instant Access Points + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Instant On + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + 
last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: IntroSpect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'Versions 2.5.0.0 to 2.5.0.6' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -7795,13 +8246,283 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://asp.arubanetworks.com/notifications/Tm90aWZpY2F0aW9uOjEwMTQ0;notificationCategory=Security + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Legacy GMS Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Legacy NX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Legacy VX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: 
false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Legacy VRX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: NetEdit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Plexxi Composable Fabric Manager (CFM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + 
cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Silver Peak Orchestrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: User Experience Insight (UXI) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: VIA Clients + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] 
+ unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ataccama - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7830,7 +8551,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atera - product: '' + product: All cves: cve-2021-4104: investigated: false From 77774d0c8d23382a5165f559e35167eeb2530237 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 13:27:35 -0500 Subject: [PATCH 18/20] Add Atlassian products --- data/cisagov_A.yml | 298 ++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 268 insertions(+), 30 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 2a38f3e..aa87a2e 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -8589,10 +8589,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 'On Prem' fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -8605,8 +8605,7 @@ software: unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product may be affected by a related but lower severity vulnerability - if running in a specific non-default configuration. + notes: Only vulnerable when using non-default config, cloud version fixed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' 
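Review bot: The `Legacy GMS Products` and `Silver Peak Orchestrator` entries added in the `@@ -7795,13 +8246,283 @@` hunk set `investigated: true` with `fixed_versions: - ''`, which says a fix exists but not which release carries it. Someone triaging from this file cannot tell whether their installed build is already patched, and `notes: ''` gives no pointer either. If ARUBA-PSA-2021-019 names the fixed releases, record them the way the IntroSpect entry does (`'Versions 2.5.0.0 to 2.5.0.6'`). Otherwise say so in the note, for example `notes: Fixed release not listed here; see ARUBA-PSA-2021-019.`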
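Review bot: `affected_versions: - 'On Prem'` in the `@@ -8589,10 +8589,10 @@` hunk stores a deployment model in a field that otherwise holds version strings, and the same value is spelled `'On prem'` and unquoted `On prem` in the later Atlassian hunks (`@@ -8620,9`, `@@ -8650,10`, `@@ -8682,10`, `@@ -8713,10`, `@@ -8744,10`, `@@ -9013,10`). A consumer that groups or matches on these strings will treat them as different values, so one spelling such as `- 'On-prem (all versions)'` should be used throughout. The new note also drops the earlier "related but lower severity vulnerability" wording while the entry moves from unaffected to affected under cve-2021-44228. It seems worth confirming against the linked advisory that this CVE key, rather than cve-2021-4104, is the one the non-default configuration applies to. The product name for this entry is outside the hunk.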
@@ -8620,9 +8619,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 'On prem' unaffected_versions: [] cve-2021-45046: investigated: false @@ -8651,10 +8650,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 'On prem' fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -8667,8 +8666,247 @@ software: unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product may be affected by a related but lower severity vulnerability - if running in a specific non-default configuration. + notes: Only vulnerable when using non-default config, cloud version fixed. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Confluence-CIS CSAT Pro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'v1.7.1' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Confluence-CIS WorkBench + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: '' + references: + - '' + 
last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Confluence-CIS-CAT Lite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'v4.13.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Assessor v3 Full and Dissolvable + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'v3.0.77' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Assessor v4 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'v4.13.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + 
unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Assessor v4 Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'v1.13.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Dashboard + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Confluence-CIS-Hosted CSAT + 
cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -8682,10 +8920,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -8713,10 +8951,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 'On prem' fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -8744,10 +8982,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 'On prem' fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -8775,10 +9013,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
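Review bot: The eight `Confluence-CIS …` entries added in the `@@ -8667,8 +8666,247 @@` hunk (CIS CSAT Pro, CIS WorkBench, CIS-CAT Lite, the CIS-CAT Pro Assessor and Dashboard variants, CIS-Hosted CSAT) are filed under `vendor: Atlassian` and all cite the Atlassian multi-product advisory as their only `vendor_links` entry. The names read like Center for Internet Security tools rather than Atlassian products, so affected versions such as `v1.7.1`, `v3.0.77` and `v4.13.0` are probably not verifiable from that link. Anyone searching the data by vendor would then miss or misattribute these entries. Please confirm the vendor and, if it is CIS, move the entries under that vendor with the advisory that actually states these versions.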
@@ -8796,8 +9034,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Attivo networks - product: '' + - vendor: Attivo Networks + product: All cves: cve-2021-4104: investigated: false @@ -8858,7 +9096,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: AudioCodes - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -8887,7 +9125,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Autodesk - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -8923,7 +9161,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Automox - product: '' + product: All cves: cve-2021-4104: investigated: false From 78bcca16e5d53ccb2336efb429ae7d4671644750 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 13:40:35 -0500 Subject: [PATCH 19/20] Update various A products --- data/cisagov_A.yml | 131 ++++++++++++++++++++++++++++++++++++++------- 1 file changed, 112 insertions(+), 19 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index aa87a2e..567c860 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml 
@@ -9160,6 +9160,97 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: Automation Anywhere + product: Automation 360 Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Automation Anywhere + product: Automation 360 On Premise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by CISA. 
+ references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Automation Anywhere + product: Automation Anywhere + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '11.x' + - '<11.3x' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Automox product: All cves: @@ -9190,7 +9281,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Autopsy - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -9219,7 +9310,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Auvik - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -9248,7 +9339,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Avantra SYSLINK - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -9421,8 +9512,8 @@ software: affected_versions: - '8' - '8.1' - - 8.1.4 - - 8.1.5 + - '8.1.4' + - '8.1.5' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10209,7 +10300,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: AVEPOINT - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -10238,7 +10329,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AVM - product: '' + product: All cves: cve-2021-4104: investigated: false 
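Review bot: All three Automation Anywhere entries added in the `@@ -9160,6 +9160,97 @@` hunk use a login redirect as `vendor_links` (`…/s/login/?…startURL=…A360-Cloud-Zero-day…&ec=302`) and still set `investigated: true` with `fixed_versions`, even though their own note says the advisory has not been reviewed. The third entry, `product: Automation Anywhere`, lists `'11.x'` and `'<11.3x'` as fixed. Those ranges overlap, read more like affected ranges than fixed releases, and are sourced from an article whose URL is about A360 Cloud. Linking the article itself rather than the login page, and stating in `notes:` that the status is vendor-asserted and unverified, would make the entries easier to trust. The note text also has a typo; it should read `This advisory is available to customers only and has not been reviewed by CISA.`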
@@ -10246,10 +10337,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10262,12 +10354,12 @@ software: unaffected_versions: [] vendor_links: - https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C - notes: '' + notes: devices, firmware, software incl. MyFritz Service. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AvTech RoomAlert - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -10295,8 +10387,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AWS New - product: '' + - vendor: AXIS + product: OS cves: cve-2021-4104: investigated: false @@ -10304,10 +10396,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -10319,13 +10412,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://help.axis.com/axis-os notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AXON - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -10354,7 +10447,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AXS Guard - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -10383,7 +10476,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Axways Applications - product: '' + product: All cves: cve-2021-4104: investigated: false From f4856ebddc5522e2b07664f13fc5347a65a8e5d9 Mon Sep 17 00:00:00 2001 
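Review bot: The `@@ -10295,8 +10387,8 @@`, `@@ -10304,10 +10396,11 @@` and `@@ -10319,13 +10412,13 @@` hunks rewrite the existing `AWS New` record in place into `vendor: AXIS` / `product: OS`. That removes the AWS entry and its link to `AWS-2021-006` from this file, and nothing visible here shows it being re-added elsewhere. The replacement link `https://help.axis.com/axis-os` looks like a general product help page rather than a Log4j statement, yet the entry asserts `unaffected_versions: - All`. Please add AXIS as a new record, keep or deliberately relocate the AWS one, and cite the vendor's actual advisory. The AVM entry just above uses `- ''` for the same "all versions unaffected" meaning that AXIS writes as `- All`, so one placeholder should be chosen.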
From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 14:03:21 -0500 Subject: [PATCH 20/20] Update Avaya products --- data/cisagov_A.yml | 171 +++++++++++++++++++-------------------------- 1 file changed, 72 insertions(+), 99 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 567c860..22dcda9 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -9410,8 +9410,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9434,7 +9435,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Application Enablement Services + product: Avaya Aura Application Enablement Services cves: cve-2021-4104: investigated: false @@ -9444,8 +9445,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 8.1.3.2 - - 8.1.3.3 + - '8.1.3.2' + - '8.1.3.3' - '10.1' fixed_versions: [] unaffected_versions: [] @@ -9466,7 +9467,7 @@ software: - '[PSN020551u](https://download.avaya.com/css/public/documents/101079386)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Contact Center + product: Avaya Aura Contact Center cves: cve-2021-4104: investigated: false @@ -9476,11 +9477,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - 7.0.2 - - 7.0.3 + - '7.0.2' + - '7.0.3' - '7.1' - - 7.1.1 - - 7.1.2 + - '7.1.1' + - '7.1.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9500,7 +9501,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Device Services + product: Avaya Aura Device Services cves: cve-2021-4104: investigated: false @@ -9511,7 +9512,10 @@ software: investigated: true affected_versions: - '8' + - '8.0.1' + - '8.0.2' - '8.1' + - '8.1.3' - '8.1.4' - '8.1.5' fixed_versions: [] 
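Review bot: `affected_versions: - ''` combined with `investigated: true` in the `@@ -9410,8 +9410,9 @@` hunk (and again in `@@ -9998,8 +9970,9 @@`) marks the product as affected without naming any release. A consumer that drops empty strings would see an investigated entry whose affected, fixed and unaffected lists are all empty. If every release is meant, write it explicitly, for example `- All` as other entries in this file do. If the affected releases are simply unknown, say so in `notes:`. The product name for this entry lies outside the hunk.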
@@ -9533,7 +9537,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Device Services + product: Avaya Aura Media Server cves: cve-2021-4104: investigated: false @@ -9543,41 +9547,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 8.0.1 - - 8.0.2 - - 8.1.3 - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' - references: - - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Aura® Media Server - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 8.0.0 - - 8.0.1 - - 8.0.2 + - '8.0.0' + - '8.0.1' + - '8.0.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9597,7 +9569,7 @@ software: - '[PSN020549u](https://download.avaya.com/css/secure/documents/101079316)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Presence Services + product: Avaya Aura Presence Services cves: cve-2021-4104: investigated: false @@ -9608,15 +9580,15 @@ software: investigated: true affected_versions: - '10.1' - - 7.1.2 + - '7.1.2' - '8' - - 8.0.1 - - 8.0.2 + - '8.0.1' + - '8.0.2' - '8.1' - - 8.1.1 - - 8.1.2 - - 8.1.3 - - 8.1.4 + - '8.1.1' + - '8.1.2' + - '8.1.3' + - '8.1.4' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9636,7 +9608,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Session Manager + product: Avaya Aura Session Manager cves: cve-2021-4104: investigated: false 
@@ -9647,13 +9619,13 @@ software: investigated: true affected_versions: - '10.1' - - 7.1.3 + - '7.1.3' - '8' - - 8.0.1 + - '8.0.1' - '8.1' - - 8.1.1 - - 8.1.2 - - 8.1.3 + - '8.1.1' + - '8.1.2' + - '8.1.3' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9673,7 +9645,7 @@ software: - '[PSN020550u](https://download.avaya.com/css/public/documents/101079384)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® System Manager + product: Avaya Aura System Manager cves: cve-2021-4104: investigated: false @@ -9684,7 +9656,7 @@ software: investigated: true affected_versions: - '10.1' - - 8.1.3 + - '8.1.3' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9704,7 +9676,7 @@ software: - '[PSN005565u](https://download.avaya.com/css/secure/documents/101079390)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Web Gateway + product: Avaya Aura Web Gateway cves: cve-2021-4104: investigated: false @@ -9714,11 +9686,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.11[P] - - 3.8.1[P] - - 3.8[P] - - 3.9.1 [P] - - 3.9[P] + - '3.11[P]' + - '3.8.1[P]' + - '3.8[P]' + - '3.9.1[P]' + - '3.9[P]' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9738,7 +9710,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Breeze™ + product: Avaya Breeze cves: cve-2021-4104: investigated: false @@ -9750,7 +9722,7 @@ software: affected_versions: - '3.7' - '3.8' - - 3.8.1 + - '3.8.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9780,11 +9752,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - 7.0.2 - - 7.0.3 + - '7.0.2' + - '7.0.3' - '7.1' - - 7.1.1 - - 7.1.2 + - '7.1.1' + - '7.1.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9844,7 +9816,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.1.22 + - '3.1.22' fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -9874,9 +9846,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 9.1.10 - - 9.1.11 - - 9.1.12 + - '9.1.10' + - '9.1.11' + - '9.1.12' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9896,7 +9868,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya one cloud private -UCaaS - Mid Market Aura + product: Avaya OneCloud-Private-UCaaS - Mid Market Aura cves: cve-2021-4104: investigated: false @@ -9966,11 +9938,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - 8.0.1 + - '8.0.1' - '8.1' - - 8.1.1 - - 8.1.2 - - 8.1.3 + - '8.1.1' + - '8.1.2' + - '8.1.3' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9998,8 +9970,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10093,7 +10066,7 @@ software: investigated: true affected_versions: - '5' - - 5.0.1 + - '5.0.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10123,8 +10096,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 9.0.2 - - 9.0.2.1 + - '9.0.2' + - '9.0.2.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10174,7 +10147,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Equinox™ Conferencing + product: Equinox Conferencing cves: cve-2021-4104: investigated: false @@ -10184,7 +10157,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 9.1.2 + - '9.1.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10214,7 +10187,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 7.3.9 + - '7.3.9' fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -10234,7 +10207,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: IP Office™ Platform + product: IP Office Platform cves: cve-2021-4104: investigated: false @@ -10244,10 +10217,10 @@ software: cve-2021-44228: investigated: true affected_versions: - - 11.0.4 + - '11.0.4' - '11.1' - - 11.1.1 - - 11.1.2 + - '11.1.1' + - '11.1.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10277,10 +10250,10 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.1.2 - - 3.1.3 + - '3.1.2' + - '3.1.3' - '4' - - 4.0.1 + - '4.0.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: