diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 3329dec..659761c 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -125,6 +125,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Aptible | Aptible | ElasticSearch 5.x | | Affected | [link](https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Aqua Security | | | | Unknown | [link](https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Arbiter Systems | All | | | Unknown | [link](https://www.arbiter.com/news/index.php?id=4403) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| ARC Informatique | All | | | Not Affected | [link](https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 | | Arca Noae | | | | Unknown | [link](https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Arcserve | Arcserve Backup | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | Arcserve Continuous Availability | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | @@ -1307,6 +1308,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Google Cloud | Virtual Private Cloud | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Google Cloud | Web Security Scanner | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Google Cloud | Workflows | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google | Chrome | | | Not Affected | [link](https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html) | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-14 | | Gradle | Gradle | | | Unknown | [link](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gradle | Gradle Enterprise | < 2021.3.6 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gradle | Gradle Enterprise Build Cache Node | < 10.1 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -2119,6 +2121,10 @@ NOTE: This file is automatically generated. To submit updates, please refer to | OpenNMS | | | | Unknown | [link](https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | OpenSearch | | | | Unknown | [link](https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | OpenText | | | | Unknown | [link](https://www.opentext.com/support/log4j-remote-code-execution-advisory) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Opto 22 | GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP | < 4.3g | 4.3g | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 | +| Opto 22 | GROOV-AT1, GROOV-AT1-SNAP | < 4.3g | 4.3g | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 | +| Opto 22 | GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP | < 4.3g | 4.3g | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 | +| Opto 22 | GRV-EPIC-PR1, GRV-EPIC-PR2 | < 3.3.2 | 3.3.2 | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 | | Oracle | | | | Unknown | [link](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | The support document is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Oracle | Enterprise Manager | 13.5, 13.4 & 13.3.2 | | Affected | [link](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | Patch status and other security guidance is restricted to Oracle account/support members. The support document is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Oracle | Exadata | <21.3.4 | | Affected | [link](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | Patch status and other security guidance is restricted to Oracle account/support members. The support document is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 3238526..6111ad1 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -3104,6 +3104,35 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: ARC Informatique + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1 + notes: '' + references: + - '' + last_updated: '2022-01-13T00:00:00' - vendor: Arca Noae product: '' cves: @@ -38164,6 +38193,36 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: Google + product: Chrome + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html + notes: Chrome Browser releases, infrastructure and admin console are not using + versions of Log4j affected by the vulnerability. + references: + - '' + last_updated: '2022-01-14' - vendor: Gradle product: Gradle cves: @@ -61941,6 +62000,130 @@ software: references: - '' last_updated: '2021-12-23T00:00:00' + - vendor: Opto 22 + product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GROOV-AT1, GROOV-AT1-SNAP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GRV-EPIC-PR1, GRV-EPIC-PR2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 3.3.2 + fixed_versions: + - 3.3.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' - vendor: Oracle product: '' cves: diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index d7019ba..7a6ce38 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -2958,6 +2958,35 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: ARC Informatique + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1 + notes: '' + references: + - '' + last_updated: '2022-01-13T00:00:00' - vendor: Arca Noae product: '' cves: diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index e152d2f..a4fcb96 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -654,6 +654,35 @@ software: references: - '' last_updated: '2022-01-12T07:18:52+00:00' + - vendor: Google + product: Chrome + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html + notes: Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. + references: + - '' + last_updated: '2022-01-14' - vendor: Google Cloud product: AI Platform Data Labeling cves: diff --git a/data/cisagov_O.yml b/data/cisagov_O.yml index 06d60ae..4751f7c 100644 --- a/data/cisagov_O.yml +++ b/data/cisagov_O.yml @@ -586,6 +586,130 @@ software: references: - '' last_updated: '2021-12-23T00:00:00' + - vendor: Opto 22 + product: GRV-EPIC-PR1, GRV-EPIC-PR2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 3.3.2 + fixed_versions: + - 3.3.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GROOV-AT1, GROOV-AT1-SNAP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' - vendor: Oracle product: '' cves: