mirror of
https://github.com/cisagov/log4j-affected-db.git
synced 2024-11-25 09:50:47 +00:00
Merge branch 'develop' into patch-1
This commit is contained in:
commit
3247341401
5 changed files with 371 additions and 0 deletions
|
@ -125,6 +125,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
|
|||
| Aptible | Aptible | ElasticSearch 5.x | | Affected | [link](https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
| Aqua Security | | | | Unknown | [link](https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
| Arbiter Systems | All | | | Unknown | [link](https://www.arbiter.com/news/index.php?id=4403) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
|
||||
| ARC Informatique | All | | | Not Affected | [link](https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 |
|
||||
| Arca Noae | | | | Unknown | [link](https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
| Arcserve | Arcserve Backup | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
|
||||
| Arcserve | Arcserve Continuous Availability | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
|
||||
|
@ -1307,6 +1308,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
|
|||
| Google Cloud | Virtual Private Cloud | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||||
| Google Cloud | Web Security Scanner | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
|
||||
| Google Cloud | Workflows | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
|
||||
| Google | Chrome | | | Not Affected | [link](https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html) | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-14 |
|
||||
| Gradle | Gradle | | | Unknown | [link](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
| Gradle | Gradle Enterprise | < 2021.3.6 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
| Gradle | Gradle Enterprise Build Cache Node | < 10.1 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
|
@ -2119,6 +2121,10 @@ NOTE: This file is automatically generated. To submit updates, please refer to
|
|||
| OpenNMS | | | | Unknown | [link](https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
| OpenSearch | | | | Unknown | [link](https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
| OpenText | | | | Unknown | [link](https://www.opentext.com/support/log4j-remote-code-execution-advisory) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 |
|
||||
| Opto 22 | GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP | < 4.3g | 4.3g | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 |
|
||||
| Opto 22 | GROOV-AT1, GROOV-AT1-SNAP | < 4.3g | 4.3g | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 |
|
||||
| Opto 22 | GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP | < 4.3g | 4.3g | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 |
|
||||
| Opto 22 | GRV-EPIC-PR1, GRV-EPIC-PR2 | < 3.3.2 | 3.3.2 | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 |
|
||||
| Oracle | | | | Unknown | [link](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | The support document is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
|
||||
| Oracle | Enterprise Manager | 13.5, 13.4 & 13.3.2 | | Affected | [link](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | Patch status and other security guidance is restricted to Oracle account/support members. The support document is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
|
||||
| Oracle | Exadata | <21.3.4 | | Affected | [link](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | Patch status and other security guidance is restricted to Oracle account/support members. The support document is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
|
||||
|
|
183
data/cisagov.yml
183
data/cisagov.yml
|
@ -3104,6 +3104,35 @@ software:
|
|||
references:
|
||||
- ''
|
||||
last_updated: '2021-12-22T00:00:00'
|
||||
- vendor: ARC Informatique
|
||||
product: All
|
||||
cves:
|
||||
cve-2021-4104:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-44228:
|
||||
investigated: true
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-45046:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-45105:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
vendor_links:
|
||||
- https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1
|
||||
notes: ''
|
||||
references:
|
||||
- ''
|
||||
last_updated: '2022-01-13T00:00:00'
|
||||
- vendor: Arca Noae
|
||||
product: ''
|
||||
cves:
|
||||
|
@ -38164,6 +38193,36 @@ software:
|
|||
references:
|
||||
- ''
|
||||
last_updated: '2021-12-21T00:00:00'
|
||||
- vendor: Google
|
||||
product: Chrome
|
||||
cves:
|
||||
cve-2021-4104:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-44228:
|
||||
investigated: true
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-45046:
|
||||
investigated: true
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-45105:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
vendor_links:
|
||||
- https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html
|
||||
notes: Chrome Browser releases, infrastructure and admin console are not using
|
||||
versions of Log4j affected by the vulnerability.
|
||||
references:
|
||||
- ''
|
||||
last_updated: '2022-01-14'
|
||||
- vendor: Gradle
|
||||
product: Gradle
|
||||
cves:
|
||||
|
@ -61941,6 +62000,130 @@ software:
|
|||
references:
|
||||
- ''
|
||||
last_updated: '2021-12-23T00:00:00'
|
||||
- vendor: Opto 22
|
||||
product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP
|
||||
cves:
|
||||
cve-2021-4104:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-44228:
|
||||
investigated: true
|
||||
affected_versions:
|
||||
- < 4.3g
|
||||
fixed_versions:
|
||||
- 4.3g
|
||||
unaffected_versions: []
|
||||
cve-2021-45046:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-45105:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
vendor_links:
|
||||
- https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit
|
||||
notes: The Log4j vulnerability affects all products running groov View software
|
||||
references:
|
||||
- ''
|
||||
last_updated: '2022-01-13T00:00:00'
|
||||
- vendor: Opto 22
|
||||
product: GROOV-AT1, GROOV-AT1-SNAP
|
||||
cves:
|
||||
cve-2021-4104:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-44228:
|
||||
investigated: true
|
||||
affected_versions:
|
||||
- < 4.3g
|
||||
fixed_versions:
|
||||
- 4.3g
|
||||
unaffected_versions: []
|
||||
cve-2021-45046:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-45105:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
vendor_links:
|
||||
- https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit
|
||||
notes: The Log4j vulnerability affects all products running groov View software
|
||||
references:
|
||||
- ''
|
||||
last_updated: '2022-01-13T00:00:00'
|
||||
- vendor: Opto 22
|
||||
product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP
|
||||
cves:
|
||||
cve-2021-4104:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-44228:
|
||||
investigated: true
|
||||
affected_versions:
|
||||
- < 4.3g
|
||||
fixed_versions:
|
||||
- 4.3g
|
||||
unaffected_versions: []
|
||||
cve-2021-45046:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-45105:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
vendor_links:
|
||||
- https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit
|
||||
notes: The Log4j vulnerability affects all products running groov View software
|
||||
references:
|
||||
- ''
|
||||
last_updated: '2022-01-13T00:00:00'
|
||||
- vendor: Opto 22
|
||||
product: GRV-EPIC-PR1, GRV-EPIC-PR2
|
||||
cves:
|
||||
cve-2021-4104:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-44228:
|
||||
investigated: true
|
||||
affected_versions:
|
||||
- < 3.3.2
|
||||
fixed_versions:
|
||||
- 3.3.2
|
||||
unaffected_versions: []
|
||||
cve-2021-45046:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-45105:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
vendor_links:
|
||||
- https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit
|
||||
notes: The Log4j vulnerability affects all products running groov View software
|
||||
references:
|
||||
- ''
|
||||
last_updated: '2022-01-13T00:00:00'
|
||||
- vendor: Oracle
|
||||
product: ''
|
||||
cves:
|
||||
|
|
|
@ -2958,6 +2958,35 @@ software:
|
|||
references:
|
||||
- ''
|
||||
last_updated: '2021-12-22T00:00:00'
|
||||
- vendor: ARC Informatique
|
||||
product: All
|
||||
cves:
|
||||
cve-2021-4104:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-44228:
|
||||
investigated: true
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-45046:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-45105:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
vendor_links:
|
||||
- https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1
|
||||
notes: ''
|
||||
references:
|
||||
- ''
|
||||
last_updated: '2022-01-13T00:00:00'
|
||||
- vendor: Arca Noae
|
||||
product: ''
|
||||
cves:
|
||||
|
|
|
@ -654,6 +654,35 @@ software:
|
|||
references:
|
||||
- ''
|
||||
last_updated: '2022-01-12T07:18:52+00:00'
|
||||
- vendor: Google
|
||||
product: Chrome
|
||||
cves:
|
||||
cve-2021-4104:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-44228:
|
||||
investigated: true
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-45046:
|
||||
investigated: true
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-45105:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
vendor_links:
|
||||
- https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html
|
||||
notes: Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability.
|
||||
references:
|
||||
- ''
|
||||
last_updated: '2022-01-14'
|
||||
- vendor: Google Cloud
|
||||
product: AI Platform Data Labeling
|
||||
cves:
|
||||
|
|
|
@ -586,6 +586,130 @@ software:
|
|||
references:
|
||||
- ''
|
||||
last_updated: '2021-12-23T00:00:00'
|
||||
- vendor: Opto 22
|
||||
product: GRV-EPIC-PR1, GRV-EPIC-PR2
|
||||
cves:
|
||||
cve-2021-4104:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-44228:
|
||||
investigated: true
|
||||
affected_versions:
|
||||
- < 3.3.2
|
||||
fixed_versions:
|
||||
- 3.3.2
|
||||
unaffected_versions: []
|
||||
cve-2021-45046:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-45105:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
vendor_links:
|
||||
- https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit
|
||||
notes: The Log4j vulnerability affects all products running groov View software
|
||||
references:
|
||||
- ''
|
||||
last_updated: '2022-01-13T00:00:00'
|
||||
- vendor: Opto 22
|
||||
product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP
|
||||
cves:
|
||||
cve-2021-4104:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-44228:
|
||||
investigated: true
|
||||
affected_versions:
|
||||
- < 4.3g
|
||||
fixed_versions:
|
||||
- 4.3g
|
||||
unaffected_versions: []
|
||||
cve-2021-45046:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-45105:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
vendor_links:
|
||||
- https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit
|
||||
notes: The Log4j vulnerability affects all products running groov View software
|
||||
references:
|
||||
- ''
|
||||
last_updated: '2022-01-13T00:00:00'
|
||||
- vendor: Opto 22
|
||||
product: GROOV-AT1, GROOV-AT1-SNAP
|
||||
cves:
|
||||
cve-2021-4104:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-44228:
|
||||
investigated: true
|
||||
affected_versions:
|
||||
- < 4.3g
|
||||
fixed_versions:
|
||||
- 4.3g
|
||||
unaffected_versions: []
|
||||
cve-2021-45046:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-45105:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
vendor_links:
|
||||
- https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit
|
||||
notes: The Log4j vulnerability affects all products running groov View software
|
||||
references:
|
||||
- ''
|
||||
last_updated: '2022-01-13T00:00:00'
|
||||
- vendor: Opto 22
|
||||
product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP
|
||||
cves:
|
||||
cve-2021-4104:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-44228:
|
||||
investigated: true
|
||||
affected_versions:
|
||||
- < 4.3g
|
||||
fixed_versions:
|
||||
- 4.3g
|
||||
unaffected_versions: []
|
||||
cve-2021-45046:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-45105:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
vendor_links:
|
||||
- https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit
|
||||
notes: The Log4j vulnerability affects all products running groov View software
|
||||
references:
|
||||
- ''
|
||||
last_updated: '2022-01-13T00:00:00'
|
||||
- vendor: Oracle
|
||||
product: ''
|
||||
cves:
|
||||
|
|
Loading…
Reference in a new issue