From 4c0590544d8f8bc283303fa640c7adcc808ba470 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 7 Feb 2022 15:50:56 -0500 Subject: [PATCH 01/15] Add Paesslet, Update Palantir products --- data/cisagov_P.yml | 68 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 66 insertions(+), 2 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 25aa4c8..43872f2 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -4,8 +4,38 @@ owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: + - vendor: Paessler + product: PRTG + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.rundeck.com/docs/history/CVEs/#log4shell-cves + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' - vendor: PagerDuty - product: PagerDuty SaaS + product: PagerDuty Rundeck cves: cve-2021-4104: investigated: false @@ -13,10 +43,44 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '3.3+' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability + notes: We currently see no evidence of compromises on our platform. Our teams + continue to monitor for new developments and for impacts on sub-processors and + dependent systems. PagerDuty SaaS customers do not need to take any additional + action for their PagerDuty SaaS environment. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: PagerDuty + product: PagerDuty SaaS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -48,7 +112,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - All + - 'All' unaffected_versions: [] cve-2021-45046: investigated: false From 92ec811f7ed83543ecaf1fe4815b5a99ab6b6bb1 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 7 Feb 2022 16:02:21 -0500 Subject: [PATCH 02/15] Update Palo-Alto products --- data/cisagov_P.yml | 178 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 143 insertions(+), 35 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 43872f2..6e4e3fe 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -234,10 +234,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -263,10 +264,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -292,10 +294,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -321,10 +324,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -350,10 +354,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -379,10 +384,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Exact Data Matching CLI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.2' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -408,10 +444,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -437,10 +474,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -466,10 +504,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -495,10 +534,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Palo-Alto Networks-DB Private Cloud + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -524,10 +594,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -554,11 +625,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '9.0' - - '9.1' - - '10.0' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '9.0.15' + - '9.1.12-h3' + - '10.0.8-h8' unaffected_versions: [] cve-2021-45046: investigated: false @@ -587,10 +658,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -616,10 +688,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -645,10 +718,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Prisma SD-WAN (CloudGenix) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -674,10 +778,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -703,10 +808,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -732,10 +838,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -761,10 +868,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From b0c20b122b6c342d14a1c43adc88c0289305cedf Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 7 Feb 2022 16:09:28 -0500 Subject: [PATCH 03/15] Add Papercut products --- data/cisagov_P.yml | 228 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 220 insertions(+), 8 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 6e4e3fe..4822313 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -1430,7 +1430,7 @@ software: - '' last_updated: '2022-01-20T00:00:00' - vendor: Panopto - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1458,6 +1458,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PaperCut + product: PaperCut Hive + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' - vendor: PaperCut product: PaperCut MF cves: @@ -1483,13 +1513,73 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.papercut.com/support/known-issues/?id=PO-684#ng + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted by this. Workaround manual steps available in reference. Upgrade to PaperCut NG/MF version 21.2.3 Now Available to resolve. references: - '' last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut MobilityPrint + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut MultiVerse + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' - vendor: PaperCut product: PaperCut NG cves: @@ -1515,15 +1605,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.papercut.com/support/known-issues/?id=PO-684#ng + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted by this. Workaround manual steps available in reference. Upgrade to PaperCut NG/MF version 21.2.3 Now Available to resolve. references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: Parallels - product: '' + - vendor: PaperCut + product: PaperCut Online Services cves: cve-2021-4104: investigated: false @@ -1531,10 +1621,131 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut Pocket + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut Print Logger + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut Views + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Parallels + product: Remote Application Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1552,7 +1763,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Parse.ly - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1589,10 +1800,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 96ea96a11a728324ef900e3ef4eb2c657a0d6f24 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 7 Feb 2022 16:14:39 -0500 Subject: [PATCH 04/15] Add PDX, Personio, etc. --- data/cisagov_P.yml | 102 ++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 96 insertions(+), 6 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 4822313..df00c13 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -1822,8 +1822,8 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Pega - product: '' + - vendor: PDQ + product: Deploy cves: cve-2021-4104: investigated: false @@ -1846,13 +1846,73 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability + - https://www.pdq.com/blog/log4j-vulnerability-cve-2021-44228/?utm_content=190941012&utm_medium=social&utm_source=twitter&hss_channel=tw-90432152 notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PDQ + product: Inventory + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pdq.com/blog/log4j-vulnerability-cve-2021-44228/?utm_content=190941012&utm_medium=social&utm_source=twitter&hss_channel=tw-90432152 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Pega + product: Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '7.3.x - 8.6.x' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability + notes: Hotfixes made available for registered customers by Pega. When using Stream nodes, + the embedded Kafka instances require a separate hotfix to be installed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Pentaho - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1881,7 +1941,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Pepperl+Fuchs - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1910,7 +1970,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Percona - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1938,6 +1998,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Personio + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://status.personio.de/incidents/kn4c6mf6lpdv + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Pexip product: '' cves: From 26bb2108ef60b6bd54b9f45231cbbc5b0f3fa5a5 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 7 Feb 2022 16:21:01 -0500 Subject: [PATCH 05/15] Add Pexip products --- data/cisagov_P.yml | 245 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 243 insertions(+), 2 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index df00c13..4f73194 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -2029,7 +2029,217 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Pexip - product: '' + product: Endpoint Activation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Eptools + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Infinity + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Infinity Connect Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Microsoft Teams Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: My Meeting Video + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Reverse Proxy and TURN Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Service cves: cve-2021-4104: investigated: false @@ -2037,10 +2247,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: VMR Self-Service Portal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -2058,7 +2299,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Phenix Id - product: '' + product: All cves: cve-2021-4104: investigated: false From 304fc1599cfc1d13b1a9a183e205f844d66ffc3d Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 8 Feb 2022 09:16:48 -0500 Subject: [PATCH 06/15] Add Philips products --- data/cisagov_P.yml | 544 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 541 insertions(+), 3 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 4f73194..fcde93c 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -2328,7 +2328,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Philips - product: Multiple products + product: Event Analytics (All VUE PACS Versions) cves: cve-2021-4104: investigated: false @@ -2336,10 +2336,104 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - 'All' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: HealthSuite Marketplace + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Philips hosting environment has deployed a patch. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliBridge Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'B.13' + - 'B.15' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. + For products solutions where the server was provided it is customer + responsibility to validate and deploy patches. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliSite Pathology Solution 5.1 + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'L1' + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2351,11 +2445,455 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.philips.com/a-w/security/security-advisories.html + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliSpace Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'v11 and above' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. + For products solutions where the server was provided by Philips, it + will be Philips responsibility to validate and provide patches. + Information or patch available in Inleft. Please contact your + local service support team. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliSpace PACS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Philips hosting environment is evaluating the VMware provided workaround and + in the process of deploying for managed service customers. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliSpace Portal Server/workstation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'v9 and above' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. + For products solutions where the server was provided by Philips, it + will be Philips responsibility to validate and provide patches. Information + or patch available in Inleft. Please contact your local service support team. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Pathology De-identifier 1.0 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'L1' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Performance Bridge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '2.0 with Practice' + - '3.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. + For products solutions where the server was provided by Philips, it + will be Philips responsibility to validate and provide patches. + Information or patch available in Inleft. Please contact your local + service support team. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Pinnacle + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '18.x' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Protocol Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. + For products solutions where the server was provided by Philips, it + will be Philips responsibility to validate and provide patches. + Information or patch available in Inleft. Please contact your local + service support team. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Protocol Applications + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '1.1' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. + For products solutions where the server was provided by Philips, it + will be Philips responsibility to validate and provide patches. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Report Analytics (All VUE PACS Versions) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'All' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: RIS Clinic + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Scanner Protocol Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '1.1' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. + For products solutions where the server was provided by Philips, it + will be Philips responsibility to validate and provide patches. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Tasy EMR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. + For products solutions where the server was provided by Philips, it + will be Philips responsibility to validate and provide patches. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Univeral Data Manager (UDM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Philips hosting environment is evaluating the VMware provided workaround + and in the process of deploying for managed service customers. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: VuePACS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '12.2.8' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' - vendor: PHOENIX CONTACT product: Cloud Services cves: From 69788d2b553ed682930e8d24617c09feb4020a6c Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 8 Feb 2022 09:19:49 -0500 Subject: [PATCH 07/15] Remove tab for note, Philips --- data/cisagov_P.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index fcde93c..d5a6fc0 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -2859,7 +2859,7 @@ software: unaffected_versions: [] vendor_links: - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive - notes: Philips hosting environment is evaluating the VMware provided workaround + notes: Philips hosting environment is evaluating the VMware provided workaround and in the process of deploying for managed service customers. references: - '' From 0a11b7cded361d06cca7c9be5847fe4e912344a2 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 8 Feb 2022 09:28:49 -0500 Subject: [PATCH 08/15] Update Phoenix Contact, Ping Identity --- data/cisagov_P.yml | 72 +++++++++++++++++++++++++--------------------- 1 file changed, 39 insertions(+), 33 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index d5a6fc0..7c83b8b 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -2903,9 +2903,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2918,8 +2919,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf - notes: Partly affected. Remediations are being implemented. + - https://www.phoenixcontact.com/online/portal/pc?1dmy&urile=wcm:path:/pcen/web/offcontext/insite_landing_pages/a7217e47-af46-4c7b-a748-3b6bf94a30a0/a7217e47-af46-4c7b-a748-3b6bf94a30a0 + notes: Cloud Services were either not vulnerable or are completely fixed. No exploits observed. references: - '' last_updated: '2021-12-22T00:00:00' @@ -2932,10 +2933,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2947,7 +2949,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + - https://www.phoenixcontact.com/online/portal/pc?1dmy&urile=wcm:path:/pcen/web/offcontext/insite_landing_pages/a7217e47-af46-4c7b-a748-3b6bf94a30a0/a7217e47-af46-4c7b-a748-3b6bf94a30a0 notes: '' references: - '' @@ -2961,10 +2963,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2976,7 +2979,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + - https://www.phoenixcontact.com/online/portal/pc?1dmy&urile=wcm:path:/pcen/web/offcontext/insite_landing_pages/a7217e47-af46-4c7b-a748-3b6bf94a30a0/a7217e47-af46-4c7b-a748-3b6bf94a30a0 notes: '' references: - '' @@ -2991,9 +2994,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.0 <= version <= 6.3.2 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '4.0 <= version <= 6.3.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3020,9 +3023,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3050,9 +3054,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.0 <= version <= 10.3.4 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '8.0 <= version <= 10.3.4' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3080,9 +3084,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 2.7.2 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '< 2.7.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3110,9 +3114,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 4.3.1 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '< 4.3.1' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3139,9 +3143,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3160,7 +3165,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Pitney Bowes - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3189,7 +3194,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Planmeca - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3218,7 +3223,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Planon Software - product: '' + product: Planon Universe cves: cve-2021-4104: investigated: false @@ -3226,10 +3231,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -3248,7 +3254,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Platform.SH - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3277,7 +3283,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Plesk - product: '' + product: All cves: cve-2021-4104: investigated: false From 38e9365214e0fb6d6f6b959348c707818d3371a0 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 8 Feb 2022 11:30:04 -0500 Subject: [PATCH 09/15] Add Polycom products --- data/cisagov_P.yml | 161 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 156 insertions(+), 5 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 7c83b8b..b1a00c7 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -3320,10 +3320,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: This advisory is available to customer only and has not been reviewed by CISA. + Mitigation already applied, patch available. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Plex + product: Plex Media Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3336,13 +3368,101 @@ software: unaffected_versions: [] vendor_links: - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: The product has been updated to Log4j version 2.15. An additional patch - is being developed to update to 2.16. No user interaction is required. + notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Polycom - product: '' + product: Cloud Relay (OTD and RealConnect hybrid use case) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Polycom + product: Poly Clariti Core/Edge (a.k.a. DMA/CCE) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '9.0 and above' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Polycom + product: Poly Clariti Relay + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.0.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Polycom + product: Poly RealConnect for Microsoft Teams and Skype for Business cves: cve-2021-4104: investigated: false @@ -3350,10 +3470,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Polycom + product: RealAccess + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3371,7 +3522,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Portainer - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3400,7 +3551,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: PortSwigger - product: '' + product: All cves: cve-2021-4104: investigated: false From 8987f4bfddcb75bafb2ee746e073683875a6d4c4 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 8 Feb 2022 11:38:55 -0500 Subject: [PATCH 10/15] Add PowerDNS products --- data/cisagov_P.yml | 150 +++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 137 insertions(+), 13 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index b1a00c7..b7bae02 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -3579,8 +3579,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PostGreSQL - product: '' + - vendor: Postgres + product: PostgreSQL JDBC cves: cve-2021-4104: investigated: false @@ -3588,10 +3588,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3609,7 +3610,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Postman - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3650,7 +3651,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - NONE + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3661,7 +3662,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.poweradmin.com/blog/solarwinds-hack-our-safety-measures/ notes: '' references: - '' @@ -3679,7 +3681,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - NONE + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3690,7 +3692,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.poweradmin.com/blog/solarwinds-hack-our-safety-measures/ notes: '' references: - '' @@ -3708,7 +3711,97 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - NONE + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.poweradmin.com/blog/solarwinds-hack-our-safety-measures/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PowerDNS + product: dnsdist + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PowerDNS + product: metronome + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PowerDNS + product: PowerDNS Authoritative Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3719,13 +3812,44 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PowerDNS + product: PowerDNS Recursor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/ notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Pretix - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3754,7 +3878,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: PrimeKey - product: '' + product: All cves: cve-2021-4104: investigated: false From 06543934021f6c4585c437d808dce69c00a8ea19 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 8 Feb 2022 11:58:15 -0500 Subject: [PATCH 11/15] Add Proofpoint products --- data/cisagov_P.yml | 1043 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 1032 insertions(+), 11 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index b7bae02..5488b4b 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -3906,8 +3906,758 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Progress / IpSwitch - product: '' + - vendor: Procentec (HMS Group) + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://mailchi.mp/procentec.com/security_message + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Progress + product: DataDirect Hybrid Data Pipeline + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledgebase.progress.com/articles/Knowledge/Is-Hybrid-Data-Pipeline-vulnerable-CVE-2021-44228-Log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Progress + product: OpenEdge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledgebase.progress.com/articles/Knowledge/Is-Hybrid-Data-Pipeline-vulnerable-CVE-2021-44228-Log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ProofPoint + product: Archiving Appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Archiving Backend + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Cloud App Security Broker + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Cloudmark Cloud/Cloudmark Hybrid + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Cloudmark On-Premise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Compliance Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Content Patrol + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Data Discover + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: DLP Core Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Email Community + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Email Fraud Defense (EFD) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Email Protecton OnDemand (PoD), including Email DLP and Email Encryption + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Email Security Relay + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Endpoint DLP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Essentials Archive + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Essentials Email + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Insiders Threat Management On-Premise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Insider Threat Management Saas + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Isolation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: ITM Saas Endpoint Agents + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Mail Protection On-Premise (PPS), including Email DLP and Email Encryption + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Meta/ZTNA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Nexus People Risk Explorer cves: cve-2021-4104: investigated: false @@ -3915,10 +4665,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Secure Email Relay + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3930,13 +4711,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.progress.com/security + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-01-26T07:18:50+00:00' - vendor: ProofPoint - product: '' + product: Secure Share cves: cve-2021-4104: investigated: false @@ -3944,10 +4725,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Security Awareness Training + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3959,14 +4771,223 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2 - notes: This advisory is available for customers only and has not been reviewed - by CISA + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Sentrion + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Social Discover + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Social Patrol + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Targeted Attack Protection (TAP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Threat Response (TRAP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Web Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Web Security + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' - vendor: ProSeS - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3995,7 +5016,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Prosys - product: '' + product: All cves: cve-2021-4104: investigated: false From b0dddc34f62f06f21a649decab68bfaa9419034a Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 8 Feb 2022 12:25:50 -0500 Subject: [PATCH 12/15] Add PTC products --- data/cisagov_P.yml | 1214 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 1195 insertions(+), 19 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 5488b4b..3d6a6ee 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -5045,7 +5045,37 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Proxmox - product: '' + product: Backup Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Proxmox + product: Mail Gateway cves: cve-2021-4104: investigated: false @@ -5053,10 +5083,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Proxmox + product: VE + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5074,7 +5135,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: PRTG Paessler - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5103,7 +5164,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: PTC - product: Axeda Platform + product: ACA Client cves: cve-2021-4104: investigated: false @@ -5112,10 +5173,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.9.2 + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Adapter Toolkit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5133,7 +5224,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: PTC - product: ThingsWorx Analytics + product: AdaWorld cves: cve-2021-4104: investigated: false @@ -5142,14 +5233,100 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '8.5' - - '9.0' - - '9.1' - - '9.2' - - All supported versions + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ApexAda + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Arbortext Editor, Styler, and Publishing Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>8.0.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Arena + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5161,13 +5338,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ptc.com/en/support/article/CS358901 + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Axeda + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - vendor: PTC - product: ThingsWorx Platform + product: Axeda Platform cves: cve-2021-4104: investigated: false @@ -5177,13 +5384,982 @@ software: cve-2021-44228: investigated: true affected_versions: - - '8.5' - - '9.0' - - '9.1' - - '9.2' - - All supported versions + - 6.9.2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Creo Elements/Direct Model Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Creo Parametric + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Creo View + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Flexnet License Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: FlexPLM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '12.0.2.2 (CPS03)' + - '12.0.2.3' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: FlexPLM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '<= 11.1 M020' + - '11.2.1' + - '12.0.0' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: FlexPLM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '12.0.2.0 (CPS01 and CPS02)' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Implementer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Intellicus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=19.1 SP11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: OnShape + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Servigistics Service Parts Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '12.1' + - '12.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Servigistics Service Parts Pricing + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '12.1' + - '12.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Advisor Apps + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Agents + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '8.5' + - '9.0' + - '9.1' + - '9.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx DPM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Extensions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Flow + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '8.5' + - '9.0' + - '9.1' + - '9.2' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Kepware + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '<=1.3' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Manufacturing Apps + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Navigate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '9.1' + - '9.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Ping Federate Integration + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=9.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=8.5.7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Platform High Availability + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '9.0' + - '9.1' + - '9.2' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: WCTK + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill PDMLink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '12.0.2.2 (CPS03)' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill PDMLink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '12.0.2.0 (CPS01 & CPS02)' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill PDMLink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '<=11.2 M020' + - '11.2.1' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill Performance Advisor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill Rest Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill RV&S(Integrity Lifcycle Manager) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '4.6/8.6 4.6 SP0 to 12.5' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill Workgroup Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From a9542865ad3761b33b720b25a7995c2d926c9700 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 8 Feb 2022 12:58:06 -0500 Subject: [PATCH 13/15] Add PTV Group products --- data/cisagov_P.yml | 1024 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 1023 insertions(+), 1 deletion(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 3d6a6ee..a651213 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -6377,7 +6377,998 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: PTV Group - product: '' + product: Map&Market + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '> 2017' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: Map&Market + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '< 2018' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Arrival Board + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Balance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Content Update Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '2 (on prem)' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Developer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Drive&Arrive + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Drive&Arrive App + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV EM Portal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Epics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Hyperpath + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV MaaS Modeller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Map&Guide Intranet + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Navigator App + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Navigator License Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Optima + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Road Editor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Route Optimiser CL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Route Optimiser ST + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'on prem xServer2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Route Optimiser ST (TourOpt) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Route Optimizer Saas/Demonstrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV TLN Planner Internet + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV TRE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Tre-Addin + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Trip Creator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Vissim + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Vistad Euska + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Vistro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Visum + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Visum Publisher + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Viswalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV xServer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.34 (on prem)' + - '2 (on prem)' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV xServer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '< 1.34 (on prem)' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV xServer Internet 1 cves: cve-2021-4104: investigated: false @@ -6385,10 +7376,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV xServer Internet 2 + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] From e34a784c88394414faa24c085665d35ef970cad2 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 8 Feb 2022 13:15:52 -0500 Subject: [PATCH 14/15] Update Pulse Secure products --- data/cisagov_P.yml | 120 ++++++++++++++------------------------------- 1 file changed, 37 insertions(+), 83 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index a651213..2c3c7d5 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -7436,68 +7436,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Ivanti Neurons for secure Access - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Ivanti Neurons for secure Access - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7515,7 +7458,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Pulse Secure - product: Ivanti Neurons for ZTA + product: Ivanti Neurons for Secure Access cves: cve-2021-4104: investigated: false @@ -7523,10 +7466,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7552,10 +7496,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7581,10 +7526,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7610,10 +7556,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7639,10 +7586,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7668,10 +7616,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7697,10 +7646,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7726,10 +7676,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7755,10 +7706,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7784,10 +7736,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7813,10 +7766,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 5a321b41a4c58ab06d0bf7fd201209207a78b437 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 8 Feb 2022 13:27:18 -0500 Subject: [PATCH 15/15] Add Pure Storage, Puppet products --- data/cisagov_P.yml | 151 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 122 insertions(+), 29 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 2c3c7d5..2de8672 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -7788,7 +7788,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Puppet - product: '' + product: Agents cves: cve-2021-4104: investigated: false @@ -7796,10 +7796,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7816,8 +7817,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pure Storage - product: '' + - vendor: Puppet + product: Continuous Delivery for Puppet Enterprise cves: cve-2021-4104: investigated: false @@ -7825,10 +7826,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '3.x' + - '< 4.10.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Puppet + product: Enterprise + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7840,9 +7873,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22) - notes: This advisory is available for customers only and has not been reviewed - by CISA + - https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -7857,8 +7889,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - CBS6.1.x - - CBS6.2.x + - 'CBS6.1.x' + - 'CBS6.2.x' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7873,7 +7905,7 @@ software: unaffected_versions: [] vendor_links: - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: Patch expected 12/27/2021 + notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2021-12-15T00:00:00' @@ -7888,10 +7920,10 @@ software: cve-2021-44228: investigated: true affected_versions: - - 5.3.x - - 6.0.x - - 6.1.x - - 6.2.x + - '5.3.x' + - '6.0.x' + - '6.1.x' + - '6.2.x' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7906,12 +7938,12 @@ software: unaffected_versions: [] vendor_links: - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: Patch expected 12/20/2021 + notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Pure Storage - product: FlashBlade + product: Flash Blade cves: cve-2021-4104: investigated: false @@ -7921,9 +7953,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.1.x - - 3.2.x - - 3.3.x + - '3.1.x' + - '3.2.x' + - '3.3.x' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7938,7 +7970,7 @@ software: unaffected_versions: [] vendor_links: - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: Patch expected 12/24/2021 + notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2021-12-15T00:00:00' @@ -7952,9 +7984,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.8.0+ - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '2.8.0+' unaffected_versions: [] cve-2021-45046: investigated: false @@ -7968,7 +8000,7 @@ software: unaffected_versions: [] vendor_links: - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: '' + notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2021-12-15T00:00:00' @@ -7984,7 +8016,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - N/A + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -7998,12 +8030,42 @@ software: unaffected_versions: [] vendor_links: - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: '' + notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Pyramid Analytics - product: '' + - vendor: Pure Storage + product: VM Analytics OVA Collector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '< v3.1.4' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: PuTTY + product: All cves: cve-2021-4104: investigated: false @@ -8011,10 +8073,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.chiark.greenend.org.uk/~sgtatham/putty/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pyramid Analytics + product: All + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: []