From 6ce0502844489e5cd6c9098a3e41e71299e5f33c Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Thu, 13 Jan 2022 16:02:16 -0700 Subject: [PATCH 01/11] Update cisagov_A.yml Added ARC Informatique --- data/cisagov_A.yml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index d7019ba..7a6ce38 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -2958,6 +2958,35 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: ARC Informatique + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1 + notes: '' + references: + - '' + last_updated: '2022-01-13T00:00:00' - vendor: Arca Noae product: '' cves: From aba33b5f056b8711c26546de7a808e8210b297d4 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Thu, 13 Jan 2022 16:04:36 -0700 Subject: [PATCH 02/11] Update cisagov_O.yml Added Opto 22 --- data/cisagov_O.yml | 124 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 124 insertions(+) diff --git a/data/cisagov_O.yml b/data/cisagov_O.yml index 06d60ae..a0ee5b5 100644 --- a/data/cisagov_O.yml +++ b/data/cisagov_O.yml @@ -586,6 +586,130 @@ software: references: - '' last_updated: '2021-12-23T00:00:00' + - vendor: Opto 22 + product: GRV-EPIC-PR1, GRV-EPIC-PR2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 3.3.2 + fixed_versions: + - 3.3.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GROOV-AT1, GROOV-AT1-SNAP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' - vendor: Oracle product: '' cves: From 92552d44a5b071e09607d948690f6faee9cc83a7 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Thu, 13 Jan 2022 16:34:51 -0700 Subject: [PATCH 03/11] Update cisagov_O.yml fixed the spaces --- data/cisagov_O.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/data/cisagov_O.yml b/data/cisagov_O.yml index a0ee5b5..aa27a52 100644 --- a/data/cisagov_O.yml +++ b/data/cisagov_O.yml @@ -597,9 +597,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 3.3.2 + - < 3.3.2 fixed_versions: - - 3.3.2 + - 3.3.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -628,9 +628,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 4.3g + - < 4.3g fixed_versions: - - 4.3g + - 4.3g unaffected_versions: [] cve-2021-45046: investigated: false @@ -659,9 +659,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 4.3g + - < 4.3g fixed_versions: - - 4.3g + - 4.3g unaffected_versions: [] cve-2021-45046: investigated: false @@ -690,9 +690,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 4.3g + - < 4.3g fixed_versions: - - 4.3g + - 4.3g unaffected_versions: [] cve-2021-45046: investigated: false From 912eaf5394a77541c1d310c740c0251331d0053a Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Fri, 14 Jan 2022 01:25:28 -0500 Subject: [PATCH 04/11] Update cisagov_G.yml --- data/cisagov_G.yml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index e152d2f..d0d19a8 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -654,6 +654,35 @@ software: references: - '' last_updated: '2022-01-12T07:18:52+00:00' + - vendor: Google + product: Chrome + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html + notes: Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. + references: + - '' + last_updated: '2022-01-14' - vendor: Google Cloud product: AI Platform Data Labeling cves: From af7e901ced88111978f80d9fbb4304e93263a9b5 Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Fri, 14 Jan 2022 01:28:57 -0500 Subject: [PATCH 05/11] Update cisagov_G.yml --- data/cisagov_G.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index d0d19a8..a4fcb96 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -682,7 +682,7 @@ software: notes: Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. references: - '' - last_updated: '2022-01-14' + last_updated: '2022-01-14' - vendor: Google Cloud product: AI Platform Data Labeling cves: From b07a1af9fe6299ad41c993fe0ebf865499fff243 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Fri, 14 Jan 2022 06:32:53 +0000 Subject: [PATCH 06/11] Update the software list --- SOFTWARE-LIST.md | 1 + data/cisagov.yml | 30 ++++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 3329dec..5dd3c53 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -1307,6 +1307,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Google Cloud | Virtual Private Cloud | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Google Cloud | Web Security Scanner | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Google Cloud | Workflows | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google | Chrome | | | Not Affected | [link](https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html) | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-14 | | Gradle | Gradle | | | Unknown | [link](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gradle | Gradle Enterprise | < 2021.3.6 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gradle | Gradle Enterprise Build Cache Node | < 10.1 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 3238526..8ae95e8 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -38164,6 +38164,36 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: Google + product: Chrome + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html + notes: Chrome Browser releases, infrastructure and admin console are not using + versions of Log4j affected by the vulnerability. + references: + - '' + last_updated: '2022-01-14' - vendor: Gradle product: Gradle cves: From 19ae9a99c9a0969ce17777670bbb34eb3f73f036 Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Fri, 14 Jan 2022 11:57:04 -0500 Subject: [PATCH 07/11] Update data/cisagov_O.yml --- data/cisagov_O.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_O.yml b/data/cisagov_O.yml index aa27a52..2948402 100644 --- a/data/cisagov_O.yml +++ b/data/cisagov_O.yml @@ -598,7 +598,7 @@ software: investigated: true affected_versions: - < 3.3.2 - fixed_versions: + fixed_versions: - 3.3.2 unaffected_versions: [] cve-2021-45046: From 2e864bc42c8a5e37de3c21a04e96d0721859e4cb Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Fri, 14 Jan 2022 11:57:10 -0500 Subject: [PATCH 08/11] Update data/cisagov_O.yml --- data/cisagov_O.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_O.yml b/data/cisagov_O.yml index 2948402..ee69877 100644 --- a/data/cisagov_O.yml +++ b/data/cisagov_O.yml @@ -629,7 +629,7 @@ software: investigated: true affected_versions: - < 4.3g - fixed_versions: + fixed_versions: - 4.3g unaffected_versions: [] cve-2021-45046: From 99517e7087af4e568185ac1bc71f9fdc4d2c0369 Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Fri, 14 Jan 2022 11:57:16 -0500 Subject: [PATCH 09/11] Update data/cisagov_O.yml --- data/cisagov_O.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_O.yml b/data/cisagov_O.yml index ee69877..8ef5f5c 100644 --- a/data/cisagov_O.yml +++ b/data/cisagov_O.yml @@ -691,7 +691,7 @@ software: investigated: true affected_versions: - < 4.3g - fixed_versions: + fixed_versions: - 4.3g unaffected_versions: [] cve-2021-45046: From 5ff0d8469be1a34d8747835cf4e8e23909c7d488 Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Fri, 14 Jan 2022 11:57:21 -0500 Subject: [PATCH 10/11] Update data/cisagov_O.yml --- data/cisagov_O.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_O.yml b/data/cisagov_O.yml index 8ef5f5c..4751f7c 100644 --- a/data/cisagov_O.yml +++ b/data/cisagov_O.yml @@ -660,7 +660,7 @@ software: investigated: true affected_versions: - < 4.3g - fixed_versions: + fixed_versions: - 4.3g unaffected_versions: [] cve-2021-45046: From 22c1a1d140aacd59e2d784a949c5e32730c31e0e Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Fri, 14 Jan 2022 17:01:40 +0000 Subject: [PATCH 11/11] Update the software list --- SOFTWARE-LIST.md | 5 ++ data/cisagov.yml | 153 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 158 insertions(+) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 5dd3c53..659761c 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -125,6 +125,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Aptible | Aptible | ElasticSearch 5.x | | Affected | [link](https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Aqua Security | | | | Unknown | [link](https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Arbiter Systems | All | | | Unknown | [link](https://www.arbiter.com/news/index.php?id=4403) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| ARC Informatique | All | | | Not Affected | [link](https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 | | Arca Noae | | | | Unknown | [link](https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Arcserve | Arcserve Backup | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | Arcserve Continuous Availability | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | @@ -2120,6 +2121,10 @@ NOTE: This file is automatically generated. To submit updates, please refer to | OpenNMS | | | | Unknown | [link](https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | OpenSearch | | | | Unknown | [link](https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | OpenText | | | | Unknown | [link](https://www.opentext.com/support/log4j-remote-code-execution-advisory) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Opto 22 | GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP | < 4.3g | 4.3g | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 | +| Opto 22 | GROOV-AT1, GROOV-AT1-SNAP | < 4.3g | 4.3g | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 | +| Opto 22 | GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP | < 4.3g | 4.3g | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 | +| Opto 22 | GRV-EPIC-PR1, GRV-EPIC-PR2 | < 3.3.2 | 3.3.2 | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 | | Oracle | | | | Unknown | [link](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | The support document is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Oracle | Enterprise Manager | 13.5, 13.4 & 13.3.2 | | Affected | [link](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | Patch status and other security guidance is restricted to Oracle account/support members. The support document is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Oracle | Exadata | <21.3.4 | | Affected | [link](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | Patch status and other security guidance is restricted to Oracle account/support members. The support document is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 8ae95e8..6111ad1 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -3104,6 +3104,35 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: ARC Informatique + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1 + notes: '' + references: + - '' + last_updated: '2022-01-13T00:00:00' - vendor: Arca Noae product: '' cves: @@ -61971,6 +62000,130 @@ software: references: - '' last_updated: '2021-12-23T00:00:00' + - vendor: Opto 22 + product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GROOV-AT1, GROOV-AT1-SNAP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GRV-EPIC-PR1, GRV-EPIC-PR2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 3.3.2 + fixed_versions: + - 3.3.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' - vendor: Oracle product: '' cves: