diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 56ad28e..b622af4 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -1188,11 +1188,11 @@ NOTE: This file is automatically generated. To submit updates, please refer to | eXtreme Hosting | | | | Unknown | [link](https://extremehosting.nl/log4shell-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Extreme Networks | | | | Unknown | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Extron | | | | Unknown | [link](https://www.extron.com/featured/Security-at-Extron/extron-security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| F-Secure | Elements Connector | | | Unknown | [link](https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| F-Secure | Endpoint Proxy | 13-15 | | Affected | [link](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| F-Secure | Messaging Security Gateway | | | Unknown | [link](https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| F-Secure | Policy Manager | 13-15 | | Affected | [link](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| F-Secure | Policy Manager Proxy | 13-15 | | Affected | [link](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| F-Secure | Elements Connector | | | Fixed | [link](https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| F-Secure | Endpoint Proxy | | 13 through 15 | Fixed | [link](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| F-Secure | Messaging Security Gateway | | | Fixed | [link](https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| F-Secure | Policy Manager | | 13 through 15 | Fixed | [link](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| F-Secure | Policy Manager Proxy | | 13 through 15 | Fixed | [link](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | F5 | BIG-IP (all modules) | | | Not Affected | [link](https://support.f5.com/csp/article/K19026212) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | F5 | BIG-IQ Centralized Management | | | Not Affected | [link](https://support.f5.com/csp/article/K19026212) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | F5 | F5OS | | | Not Affected | [link](https://support.f5.com/csp/article/K19026212) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1204,59 +1204,101 @@ NOTE: This file is automatically generated. To submit updates, please refer to | F5 | NGINX Plus | | | Not Affected | [link](https://support.f5.com/csp/article/K19026212) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | F5 | NGINX Service Mesh | | | Not Affected | [link](https://support.f5.com/csp/article/K19026212) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | F5 | NGINX Unit | | | Not Affected | [link](https://support.f5.com/csp/article/K19026212) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| F5 | Traffix SDC | 5.x (5.2.0 CF1, 5.1.0 CF-30 - 5.1.0 CF-33) | | Affected | [link](https://support.f5.com/csp/article/K19026212) | Vulnerable components: EMS-ELK components (Fluentd + Elastic Search + Kibana), Element Management System | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FAST LTA | | | | Unknown | [link](https://blog.fast-lta.de/en/log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fastly | | | | Unknown | [link](https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FedEx | Ship Manager Software | Unknown | | Affected | [link](https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4) | Note: FedEx is aware of the issue related to the Log4j Remote Code Execution vulnerability affecting various Apache products. We are actively assessing the situation and taking necessary action as appropriate. As a result, we are temporarily unable to provide a link to download the FedEx Ship Manager software or generate product keys needed for registration of FedEx Ship Manager software. We are working to have this resolved as quickly as possible and apologize for the inconvenience. For related questions or the most updated information, customers should check FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Fiix | Fiix CMMS Core | | v5 | Fixed | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | The product has been updated to Log4j version 2.15. An additional patch is being developed to update to 2.16. No user interaction is required. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| FileCap | | | | Unknown | [link](https://mailchi.mp/3f82266e0717/filecap-update-version-511) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FileCatalyst | | | | Unknown | [link](https://support.filecatalyst.com/index.php/Knowledgebase/Article/View/advisory-log4j-zero-day-security-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FileCloud | | | | Unknown | [link](https://www.getfilecloud.com/supportdocs/display/cloud/Advisory+2021-12-2+Impact+of+Apache+Log4j2+Vulnerability+on+FileCloud+Customers) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FileWave | | | | Unknown | [link](https://kb.filewave.com/display/KB/Security+Notice:+Apache+log4j+Vulnerability+CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FINVI | | | | Unknown | [link](https://finvi.com/support/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FireDaemon | | | | Unknown | [link](https://kb.firedaemon.com/support/solutions/articles/4000178630) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fisher & Paykel Healthcare | | | | Unknown | [link](https://www.fphcare.com/us/our-company/contact-us/product-security/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Flexagon | | | | Unknown | [link](https://flexagon.com/what-is-the-impact-of-log4j-vulnerability-cve-2021-44228-on-flexdeploy/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Flexera | | | | Unknown | [link](https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-2-remote-code-execution/ba-p/216934) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Forcepoint | DLP Manager | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Forcepoint | Forcepoint Cloud Security Gateway (CSG) | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Forcepoint | Next Generation Firewall (NGFW) | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Forcepoint | Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service and Sidewinder | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Forcepoint | One Endpoint | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Forcepoint | Security Manager (Web, Email and DLP) | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Forescout | | | | Unknown | [link](https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ForgeRock | Autonomous Identity | | | Unknown | [link](https://backstage.forgerock.com/knowledge/kb/book/b21824339#1_bzBa) | all other ForgeRock products Not vulnerable | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiAIOps | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiAnalyzer | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiAnalyzer Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiAP | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiAuthenticator | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiCASB | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiConvertor | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiDeceptor | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiEDR Agent | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiEDR Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiGate Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiGSLB Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiMail | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiManager | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiManager Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiNAC | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiNAC | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiOS (includes FortiGate & FortiWiFi) | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiPhish Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiPolicy | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiPortal | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiRecorder | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiSIEM | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiSOAR | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiSwicth Cloud in FortiLANCloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiSwitch & FortiSwitchManager | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiToken Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiVoice | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiWeb Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | ShieldX | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FTAPI | | | | Unknown | [link](https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/#) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| F5 | Traffix SDC | 5.x, 5.2.0 CF1, 5.1.0 CF-30 - 5.1.0 CF-33 | | Affected | [link](https://support.f5.com/csp/article/K19026212) | Vulnerable components: EMS-ELK components (Fluentd + Elastic Search + Kibana), Element Management System | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FAST LTA | All | | | Unknown | [link](https://blog.fast-lta.de/en/log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fastly | All | | | Unknown | [link](https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FedEx | Ship Manager Software | 340x | | Affected | [link](https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4) | Note - FedEx is aware of the issue related to the Log4j Remote Code Execution vulnerability affecting various Apache products. We are actively assessing the situation and taking necessary action as appropriate. As a result, we are temporarily unable to provide a link to download the FedEx Ship Manager software or generate product keys needed for registration of FedEx Ship Manager software. We are working to have this resolved as quickly as possible and apologize for the inconvenience. For related questions or the most updated information, customers should check FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| FedEx | Ship Manager Software | | 3509 | Fixed | [link](https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4) | Note - FedEx is aware of the issue related to the Log4j Remote Code Execution vulnerability affecting various Apache products. We are actively assessing the situation and taking necessary action as appropriate. As a result, we are temporarily unable to provide a link to download the FedEx Ship Manager software or generate product keys needed for registration of FedEx Ship Manager software. We are working to have this resolved as quickly as possible and apologize for the inconvenience. For related questions or the most updated information, customers should check FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Fiix | Fiix CMMS Core | | v5 | Fixed | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | The product has been updated to Log4j version 2.15. An additional patch is being developed to update to 2.16. No user interaction is required. This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| FileCap | Plugins | | | Not Affected | [link](https://filecap.com/blog-posts/detecteer-log4shell-exploitatie-pogingen) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FileCap | Server | | 5.1.3 | Fixed | [link](https://filecap.com/blog-posts/detecteer-log4shell-exploitatie-pogingen) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FileCatalyst | All | | | Unknown | [link](https://support.filecatalyst.com/index.php/Knowledgebase/Article/View/advisory-log4j-zero-day-security-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FileCloud | All | | | Unknown | [link](https://www.getfilecloud.com/supportdocs/display/cloud/Advisory+2021-12-2+Impact+of+Apache+Log4j2+Vulnerability+on+FileCloud+Customers) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FileWave | All | | | Unknown | [link](https://kb.filewave.com/display/KB/Security+Notice:+Apache+log4j+Vulnerability+CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FileZilla | All | | | Not Affected | [link](https://forum.filezilla-project.org/viewtopic.php?f=6&t=54338) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FINVI | All | | | Unknown | [link](https://finvi.com/support/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FireDaemon | All | | | Unknown | [link](https://kb.firedaemon.com/support/solutions/articles/4000178630) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fisher & Paykel Healthcare | All | | | Not Affected | [link](https://www.fphcare.com/us/our-company/contact-us/product-security/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Flexagon | All | | | Unknown | [link](https://flexagon.com/what-is-the-impact-of-log4j-vulnerability-cve-2021-44228-on-flexdeploy/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Flexera | All | | | Unknown | [link](https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-2-remote-code-execution/ba-p/216934) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Advanced Malware Detection | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Behavioral Analytics | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Bitglass SSE | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | CASB | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Cloud Security Gateway (CSG) | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Content Gateway | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | DDP/DUP/DPS | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Directory Synchronization | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | DLP Manager | | | Fixed | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Email Security | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Insider Threat | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Next Generation Firewall (NGFW) | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | NGFW Security Management Center | | | Fixed | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | NGFW Virtual SMC Appliances | | | Fixed | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | NGFW VPN Client | | | Fixed | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | One Endpoint | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Security Manager (Web, Email and DLP) | | | Fixed | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Sidewinder | | | Fixed | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | User ID service | | | Fixed | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Web Security | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forescout | All | | | Unknown | [link](https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ForgeRock | Autonomous Identity | | | Fixed | [link](https://backstage.forgerock.com/knowledge/kb/book/b21824339#1_bzBa) | All other ForgeRock products not affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | Autonomous Identity | | | Fixed | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiADC | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiAI | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiAIOps | | 1.0.2 | Fixed | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiAnalyzer | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiAnalyzer Big Cloud | | 6.4.7, 7.0.2 | Fixed | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiAnalyzer Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiAP | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiAuthenticator | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiCache | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiCarrier | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiCASB | | | Fixed | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiClient | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiClient Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiClient EMS | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiConnect | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiConverter Portal | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiCWP | | | Fixed | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiDDoS | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiDDoS-F | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiDeceptor | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiEDR Agent | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiEDR Cloud | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiExtender Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiGate Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiGSLB Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiInsight | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiIsolator | | 2.3.4 | Fixed | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiLAN Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiMail | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiManager | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiManager Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiMonitor | | | Fixed | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiNAC | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiOS (includes FortiGate & FortiWiFi) | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiPenTest | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiPhish Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiPolicy | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiPortal | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiPresence | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiProxy | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiRecorder | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiSandbox | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiSASE | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiSIEM | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiSOAR | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiSwitch & FortiSwitchManager | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiSwitch Cloud in FortiLANCloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiTester | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiToken Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiVoice | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiWeb Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiWLC | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiWLM | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | ShieldX | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FTAPI | All | | | Unknown | [link](https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/#) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Fuji Electric | MONITOUCH TS1000 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | Fuji Electric | MONITOUCH TS1000S series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | Fuji Electric | MONITOUCH TS2000 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | @@ -1265,8 +1307,50 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Fuji Electric | MONITOUCH X1 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | Fuji Electric | TELLUS and V-Server | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | Fuji Electric | V-SFT | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | -| Fujitsu | | | | Unknown | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FusionAuth | FusionAuth | | | Not Affected | [link](https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | AIS Connect | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | Bean Connect | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | BS2000 Hardware | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | BS2000 Software | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | BX400 | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | BX900 MMB | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | eLux RP on FUTRO | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS AB/HB | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS CS800 | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS CS8000 | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS DX/AF | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS JX | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS LT140/260 | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS LT20/40/60 | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS SF | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS SF MA | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | FlexFrame | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | INTELLIEGDLE A/G | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | iRMC on PRIMERGY | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ISM for PRIMERGY, PQ | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | NECoP | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | openFT | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | openSEAS | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | openUTM | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | openUTM (WebAdm.) | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | PRIMEFLEX for MS S2D | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | PTC Axeda (AIS Con.) | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SBAX2 | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SBAX3 | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SecDocs | | | Fixed | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ServerView IM | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ServerView OM | | | Fixed | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ServerView OM/UM | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ServerView RAID | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ServerView Rem. Con. | | | Unknown | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ServerView VIOM | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SOA Pro. Mgmt. Service | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SOA SysRollout Service | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SVS Services for ISM | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SVS UME + LinuxLife | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SVS VMware Op. Mgr. | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SVS VMware vCenter | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | Web Transactions | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FusionAuth | All | | | Not Affected | [link](https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | GE Digital | All | | | Unknown | [link](https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | GE Digital Grid | All | | | Unknown | [link](https://digitalenergy.service-now.com/csm?id=kb_category&kb_category=b8bc715b879c89103f22a93e0ebb3585) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | GE Gas Power | Asset Performance Management (APM) | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently deploying the fixes in the production environment. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | @@ -2235,6 +2319,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | LOGalyze | SIEM & log analyzer tool | v4.x | | Affected | [link](https://sourceforge.net/software/product/LOGalyze/) | local-log4j-vuln-scanner result: indicator for vulnerable component found in /logalyze/lib/log4j-1.2.17.jar (org/apache/log4j/net/SocketNode.class): log4j 1.2.17 | [Forks (github.com)](https://github.com/search?q=logalyzer&s=updated&type=Repositories) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | LogiAnalytics | | | | Unknown | [link](https://devnet.logianalytics.com/hc/en-us/articles/4415781801751-Statement-on-Log4j-Vulnerability-CVE-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | LogicMonitor | LogicMonitor Platform | | | Unknown | [link](https://www.logicmonitor.com/support/log4shell-security-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Logit.io | Logit.io Platform | | | Not Affected | [link](https://logit.io/blog/post/logit-io-log4shell-security-update) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-07 | | LogMeIn | | | | Unknown | [link](https://community.logmein.com/t5/LogMeIn-Central-Discussions/LOG4J-Vulnerability/m-p/280317/highlight/true#M8327) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | LogRhythm | | | | Unknown | [link](https://community.logrhythm.com/t5/Product-Security/LogRhythm-Response-to-the-Apache-Log4J-Vulnerability-Log4Shell/td-p/494068) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Looker | Looker | 21.0, 21.6, 21.12, 21.16, 21.18, 21.20 | | Affected | [link](https://docs.google.com/document/d/e/2PACX-1vQGN1AYNMHxsRQ9AZNu1bKyTGRUSK_9xkQBge-nu4p8PYvBKIYHhc3914KTfVtDFIXtDhc3k6SZnR2M/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -3256,28 +3341,136 @@ NOTE: This file is automatically generated. To submit updates, please refer to | WSO2 | Stream Integrator | | >= 1.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | | WSO2 | Stream Integrator Tooling | | >= 1.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | | WSO2 | Stream Processor | | >= 4.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | -| XCP-ng | | | | Unknown | [link](https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| XCP-ng | All | | | Not Affected | [link](https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | XenForo | | | | Unknown | [link](https://xenforo.com/community/threads/psa-potential-security-vulnerability-in-elasticsearch-5-via-apache-log4j-log4shell.201145/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Xerox | | | | Unknown | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2021/12/Xerox-Special-Bulletin-XRX21-021-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.6.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| XPertDoc | | | | Unknown | [link](https://kb.xpertdoc.com/pages/viewpage.action?pageId=87622727) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| XPLG | | | | Unknown | [link](https://www.xplg.com/log4j-vulnerability-exploit-log4shell-xplg-secure/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| XWIKI | | | | Unknown | [link](https://forum.xwiki.org/t/log4j-cve-2021-44228-log4shell-zero-day-vulnerability/9557) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Xylem | Aquatalk | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Avensor | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Configuration change complete | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus Analytics | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus Automation Control Configuration change complete | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus Cathodic Protection Mitigation in process Mitigation in process | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus FieldLogic LogServer | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus Lighting Control | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus NetMetrics Configuration change complete | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xerox | AltaLink Products | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | CareAR | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ColorQube 8700 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ColorQube 8870 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ColorQube 8880 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ColorQube 9201 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ColorQube 9301 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | DocuCentre SC2020 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ElemX | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Core | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Express to Print | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Makeready | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Output Manager | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Print Manager - APP | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Variable Information Suite | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Nuvera EA Perfecting Production Systems | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Nuvera EA Production Systems | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3300 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3320 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3330 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3435 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3600 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3610 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3635 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 4510 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 4622 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6000 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6020 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6022 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6280 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6510 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6600 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6700 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 7800 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 8860 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | PrimeLink Products | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Versalink Products | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 33xx | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 3615 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 4260 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 4265 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5135 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5150 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5225 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5230 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 53XX | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5645 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5655 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5740 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5745 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5755 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5765 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 58XX | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5945 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5955 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 6025 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 6400 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 6515 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 6605 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 6655 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7425 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7435 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7525 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7535 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7556 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7830 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7835 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7855 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7970i | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre ECXX | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Account Payable Services | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox App Gallery | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox B1022/25 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox B225 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox B230 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox B235 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox B310 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Baltoro HF Inkjet Press | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Branded ConnectKey Applications | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox C230 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox C235 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox C310 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Campaigns on Demand | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Color EC70 Printer | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox D110 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox D125 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox D95A | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Digital Mailroom Services | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox ECXX | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox ED125 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox ED95A | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox iGen 5 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Instant Print Kiosk | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Intelligent Workplace Services (All Including XDM, XDA, CWW) | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Iridesse Production Press | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox J75 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Print and Scan Experience | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Team Availability Application | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Versant 180 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Versant 280 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Versant 3100 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Versant 4100 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Workflow Central Platform | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Workplace Kiosk | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Workplace Suite | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Workspace Cloud | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | XMPie Data-Driven Print and VDP | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | XMPie Omnichannel Communications | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | XMPie Web to Print | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| XPertDoc | All | | | Unknown | [link](https://kb.xpertdoc.com/pages/viewpage.action?pageId=87622727) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| XPLG | All | | | Unknown | [link](https://www.xplg.com/log4j-vulnerability-exploit-log4shell-xplg-secure/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| XWIKI | All | | | Unknown | [link](https://forum.xwiki.org/t/log4j-cve-2021-44228-log4shell-zero-day-vulnerability/9557) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xylem | Aquatalk | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Avensor | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Configuration change complete | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus Analytics | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus Automation Control Configuration change complete | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus Cathodic Protection Mitigation in process Mitigation in process | | | Affected | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus FieldLogic LogServer | | | Affected | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus Lighting Control | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus NetMetrics Configuration change complete | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Xylem | Sensus RNI On Prem | 4.7 through 4.10, 4.4 through 4.6, 4.2 | | Affected | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus RNI Saas | 4.7 through 4.10, 4.4 through 4.6, 4.2 | | Affected | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus SCS | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Smart Irrigation | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Water Loss Management (Visenti) | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Xylem Cloud | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Xylem Edge Gateway (xGW) | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus RNI Saas | | 4.7 through 4.10, 4.4 through 4.6, 4.2 | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus SCS | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Smart Irrigation | | | Affected | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Water Loss Management (Visenti) | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Xylem Cloud | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Xylem Edge Gateway (xGW) | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Yahoo | Vespa | | | Not Affected | [link](https://blog.vespa.ai/log4j-vulnerability/) | Your Vespa application may still be affected if log4j is included in your application package. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Yellowbrick | | | | Unknown | [link](https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | YellowFin | All | | 8.0.10.3, 9.7.0.2 | Fixed | [link](https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2) | v7 and v6 releases are not affected unless you have manually upgraded to Log4j2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 6ea4b0f..b94a050 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -34779,9 +34779,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -34809,9 +34810,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 13-15 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 13 through 15 unaffected_versions: [] cve-2021-45046: investigated: false @@ -34838,9 +34839,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -34868,9 +34870,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 13-15 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 13 through 15 unaffected_versions: [] cve-2021-45046: investigated: false @@ -34898,9 +34900,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 13-15 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 13 through 15 unaffected_versions: [] cve-2021-45046: investigated: false @@ -34961,7 +34963,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 7.x-8.x + - 7.x - 8.x cve-2021-45046: investigated: false affected_versions: [] @@ -35259,8 +35261,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 5.x (5.2.0 CF1 - - 5.1.0 CF-30 - 5.1.0 CF-33) + - 5.x + - 5.2.0 CF1 + - 5.1.0 CF-30 - 5.1.0 CF-33 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -35281,7 +35284,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: FAST LTA - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -35310,7 +35313,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fastly - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -35349,7 +35352,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - Unknown + - 340x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -35364,14 +35367,51 @@ software: unaffected_versions: [] vendor_links: - https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4 - notes: 'Note: FedEx is aware of the issue related to the Log4j Remote Code Execution + notes: Note - FedEx is aware of the issue related to the Log4j Remote Code Execution vulnerability affecting various Apache products. We are actively assessing the situation and taking necessary action as appropriate. As a result, we are temporarily unable to provide a link to download the FedEx Ship Manager software or generate product keys needed for registration of FedEx Ship Manager software. We are working to have this resolved as quickly as possible and apologize for the inconvenience. For related questions or the most updated information, customers should check - FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative.' + FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: FedEx + product: Ship Manager Software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: + - '3509' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4 + notes: Note - FedEx is aware of the issue related to the Log4j Remote Code Execution + vulnerability affecting various Apache products. We are actively assessing the + situation and taking necessary action as appropriate. As a result, we are temporarily + unable to provide a link to download the FedEx Ship Manager software or generate + product keys needed for registration of FedEx Ship Manager software. We are + working to have this resolved as quickly as possible and apologize for the inconvenience. + For related questions or the most updated information, customers should check + FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative. references: - '' last_updated: '2021-12-15T00:00:00' @@ -35402,12 +35442,13 @@ software: vendor_links: - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 notes: The product has been updated to Log4j version 2.15. An additional patch - is being developed to update to 2.16. No user interaction is required. + is being developed to update to 2.16. No user interaction is required. This + advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: FileCap - product: '' + product: Plugins cves: cve-2021-4104: investigated: false @@ -35415,10 +35456,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://filecap.com/blog-posts/detecteer-log4shell-exploitatie-pogingen + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FileCap + product: Server + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.1.3 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -35430,13 +35502,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://mailchi.mp/3f82266e0717/filecap-update-version-511 + - https://filecap.com/blog-posts/detecteer-log4shell-exploitatie-pogingen notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: FileCatalyst - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -35465,7 +35537,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: FileCloud - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -35494,7 +35566,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: FileWave - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -35522,8 +35594,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FileZilla + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.filezilla-project.org/viewtopic.php?f=6&t=54338 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FINVI - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -35552,7 +35654,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: FireDaemon - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -35581,7 +35683,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fisher & Paykel Healthcare - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -35589,10 +35691,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35610,7 +35713,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Flexagon - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -35639,7 +35742,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Flexera - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -35668,7 +35771,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint - product: DLP Manager + product: Advanced Malware Detection cves: cve-2021-4104: investigated: false @@ -35676,10 +35779,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35692,12 +35796,13 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint - product: Forcepoint Cloud Security Gateway (CSG) + product: Behavioral Analytics cves: cve-2021-4104: investigated: false @@ -35721,12 +35826,13 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint - product: Next Generation Firewall (NGFW) + product: Bitglass SSE cves: cve-2021-4104: investigated: false @@ -35734,10 +35840,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35750,13 +35857,13 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint - product: Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service - and Sidewinder + product: CASB cves: cve-2021-4104: investigated: false @@ -35780,12 +35887,13 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint - product: One Endpoint + product: Cloud Security Gateway (CSG) cves: cve-2021-4104: investigated: false @@ -35793,10 +35901,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35809,12 +35918,13 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint - product: Security Manager (Web, Email and DLP) + product: Content Gateway cves: cve-2021-4104: investigated: false @@ -35822,10 +35932,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35838,12 +35949,13 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Forescout - product: '' + - vendor: Forcepoint + product: DDP/DUP/DPS cves: cve-2021-4104: investigated: false @@ -35866,13 +35978,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ForgeRock - product: Autonomous Identity + - vendor: Forcepoint + product: Directory Synchronization cves: cve-2021-4104: investigated: false @@ -35880,10 +35993,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35895,13 +36009,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://backstage.forgerock.com/knowledge/kb/book/b21824339#1_bzBa - notes: all other ForgeRock products Not vulnerable + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAIOps + - vendor: Forcepoint + product: DLP Manager cves: cve-2021-4104: investigated: false @@ -35909,9 +36024,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -35924,13 +36040,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAnalyzer + - vendor: Forcepoint + product: Email Security cves: cve-2021-4104: investigated: false @@ -35938,10 +36055,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35953,13 +36071,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAnalyzer Cloud + - vendor: Forcepoint + product: Insider Threat cves: cve-2021-4104: investigated: false @@ -35967,10 +36086,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35982,13 +36102,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAP + - vendor: Forcepoint + product: Next Generation Firewall (NGFW) cves: cve-2021-4104: investigated: false @@ -35996,10 +36117,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36011,13 +36133,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAuthenticator + - vendor: Forcepoint + product: NGFW Security Management Center cves: cve-2021-4104: investigated: false @@ -36025,9 +36148,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36040,13 +36164,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiCASB + - vendor: Forcepoint + product: NGFW Virtual SMC Appliances cves: cve-2021-4104: investigated: false @@ -36054,9 +36179,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36069,13 +36195,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiConvertor + - vendor: Forcepoint + product: NGFW VPN Client cves: cve-2021-4104: investigated: false @@ -36083,9 +36210,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36098,13 +36226,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiDeceptor + - vendor: Forcepoint + product: One Endpoint cves: cve-2021-4104: investigated: false @@ -36112,10 +36241,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36127,13 +36257,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiEDR Agent + - vendor: Forcepoint + product: Security Manager (Web, Email and DLP) cves: cve-2021-4104: investigated: false @@ -36141,9 +36272,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36156,13 +36288,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiEDR Cloud + - vendor: Forcepoint + product: Sidewinder cves: cve-2021-4104: investigated: false @@ -36170,9 +36303,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36185,13 +36319,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiGate Cloud + - vendor: Forcepoint + product: User ID service cves: cve-2021-4104: investigated: false @@ -36199,9 +36334,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36214,13 +36350,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiGSLB Cloud + - vendor: Forcepoint + product: Web Security cves: cve-2021-4104: investigated: false @@ -36243,13 +36380,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiMail + - vendor: Forescout + product: All cves: cve-2021-4104: investigated: false @@ -36272,13 +36410,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiManager + - vendor: ForgeRock + product: Autonomous Identity cves: cve-2021-4104: investigated: false @@ -36286,10 +36424,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://backstage.forgerock.com/knowledge/kb/book/b21824339#1_bzBa + notes: All other ForgeRock products not affected. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: Autonomous Identity + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -36307,7 +36476,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiManager Cloud + product: FortiADC cves: cve-2021-4104: investigated: false @@ -36315,10 +36484,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36336,7 +36506,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiNAC + product: FortiAI cves: cve-2021-4104: investigated: false @@ -36344,10 +36514,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36365,7 +36536,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiNAC + product: FortiAIOps cves: cve-2021-4104: investigated: false @@ -36373,9 +36544,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -36394,7 +36566,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiOS (includes FortiGate & FortiWiFi) + product: FortiAnalyzer cves: cve-2021-4104: investigated: false @@ -36402,10 +36574,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36423,7 +36596,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiPhish Cloud + product: FortiAnalyzer Big Cloud cves: cve-2021-4104: investigated: false @@ -36431,9 +36604,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 6.4.7 + - 7.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -36452,7 +36627,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiPolicy + product: FortiAnalyzer Cloud cves: cve-2021-4104: investigated: false @@ -36460,10 +36635,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36481,7 +36657,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiPortal + product: FortiAP cves: cve-2021-4104: investigated: false @@ -36489,10 +36665,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36510,7 +36687,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiRecorder + product: FortiAuthenticator cves: cve-2021-4104: investigated: false @@ -36518,10 +36695,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36539,7 +36717,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiSIEM + product: FortiCache cves: cve-2021-4104: investigated: false @@ -36547,10 +36725,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36568,7 +36747,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiSOAR + product: FortiCarrier cves: cve-2021-4104: investigated: false @@ -36576,10 +36755,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36597,7 +36777,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiSwicth Cloud in FortiLANCloud + product: FortiCASB cves: cve-2021-4104: investigated: false @@ -36605,9 +36785,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36626,7 +36807,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiSwitch & FortiSwitchManager + product: FortiClient cves: cve-2021-4104: investigated: false @@ -36634,10 +36815,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36655,7 +36837,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiToken Cloud + product: FortiClient Cloud cves: cve-2021-4104: investigated: false @@ -36663,10 +36845,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36684,7 +36867,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiVoice + product: FortiClient EMS cves: cve-2021-4104: investigated: false @@ -36692,10 +36875,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36713,7 +36897,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiWeb Cloud + product: FortiConnect cves: cve-2021-4104: investigated: false @@ -36721,10 +36905,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36742,7 +36927,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: ShieldX + product: FortiConverter Portal cves: cve-2021-4104: investigated: false @@ -36750,8 +36935,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -36770,8 +36956,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FTAPI - product: '' + - vendor: Fortinet + product: FortiCWP cves: cve-2021-4104: investigated: false @@ -36779,9 +36965,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36794,16 +36981,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/# + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fuji Electric - product: MONITOUCH TS1000 series + - vendor: Fortinet + product: FortiDDoS cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -36812,28 +36999,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fuji Electric - product: MONITOUCH TS1000S series + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiDDoS-F cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -36842,28 +37029,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fuji Electric - product: MONITOUCH TS2000 series + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiDeceptor cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -36872,28 +37059,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fuji Electric - product: MONITOUCH V8 series + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiEDR Agent cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -36902,58 +37089,58 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fuji Electric - product: MONITOUCH V9 series + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiEDR Cloud cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '' fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fuji Electric - product: MONITOUCH X1 series + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiExtender Cloud cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -36962,28 +37149,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fuji Electric - product: TELLUS and V-Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiGate Cloud cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -36992,29 +37179,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Version 3 - - Version 4 + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fuji Electric - product: V-SFT + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiGSLB Cloud cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -37023,26 +37209,25 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Version 5 - - Version 6 + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fujitsu - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiInsight cves: cve-2021-4104: investigated: false @@ -37050,10 +37235,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37065,13 +37251,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FusionAuth - product: FusionAuth + - vendor: Fortinet + product: FortiIsolator cves: cve-2021-4104: investigated: false @@ -37081,9 +37267,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '1.32' + fixed_versions: + - 2.3.4 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -37095,13 +37281,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/ + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GE Digital - product: All + - vendor: Fortinet + product: FortiLAN Cloud cves: cve-2021-4104: investigated: false @@ -37109,10 +37295,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37124,14 +37311,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories - notes: This advisory is available to customers only and has not been reviewed - by CISA. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Digital Grid - product: All + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiMail cves: cve-2021-4104: investigated: false @@ -37139,10 +37325,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37154,14 +37341,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://digitalenergy.service-now.com/csm?id=kb_category&kb_category=b8bc715b879c89103f22a93e0ebb3585 - notes: This advisory is available to customers only and has not been reviewed - by CISA. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Asset Performance Management (APM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiManager cves: cve-2021-4104: investigated: false @@ -37171,9 +37357,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - '' - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -37185,15 +37371,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed - in development environment and the team is currently deploying the fixes in - the production environment. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Baseline Security Center (BSC) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiManager Cloud cves: cve-2021-4104: investigated: false @@ -37202,10 +37386,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37217,14 +37401,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power is still validating the workaround provided by FoxGuard in - Technical Information Notice – M1221-S01. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Baseline Security Center (BSC) 2.0 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiMonitor cves: cve-2021-4104: investigated: false @@ -37248,16 +37431,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power has tested and validated the component of the BSC 2.0 that - is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded - from link in reference section. This update is available to customer only and - has not been reviewed by CISA. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Control Server + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiNAC cves: cve-2021-4104: investigated: false @@ -37281,14 +37461,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: Please see vCenter. Control Server is not directly impacted. It is impacted - through vCenter. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: MyFleet + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiOS (includes FortiGate & FortiWiFi) cves: cve-2021-4104: investigated: false @@ -37298,9 +37477,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - '' - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -37312,13 +37491,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: OPM Performance Intelligence + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPenTest cves: cve-2021-4104: investigated: false @@ -37328,9 +37507,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - '' - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -37342,13 +37521,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: OPM Performance Planning + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPhish Cloud cves: cve-2021-4104: investigated: false @@ -37358,9 +37537,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - '' - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -37372,13 +37551,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Tag Mapping Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPolicy cves: cve-2021-4104: investigated: false @@ -37387,9 +37566,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: + affected_versions: - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -37402,13 +37581,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: vCenter + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPortal cves: cve-2021-4104: investigated: false @@ -37417,9 +37596,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: + affected_versions: - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -37432,15 +37611,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power has tested and validated the update provided by Vmware. The - update and instructions can be downloaded from link in reference section. This - update is available to customer only and has not been reviewed by CISA. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Healthcare - product: '' + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPresence cves: cve-2021-4104: investigated: false @@ -37448,10 +37625,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37463,14 +37641,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://securityupdate.gehealthcare.com - notes: This advisory is not available at the time of this review, due to maintence - on the GE Healthcare website. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Gearset - product: All + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiProxy cves: cve-2021-4104: investigated: false @@ -37478,10 +37655,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37493,13 +37671,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021 + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Genesys - product: All + - vendor: Fortinet + product: FortiRecorder cves: cve-2021-4104: investigated: false @@ -37507,10 +37685,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37522,13 +37701,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GeoServer - product: All + - vendor: Fortinet + product: FortiSandbox cves: cve-2021-4104: investigated: false @@ -37536,10 +37715,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37551,13 +37731,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GeoSolutions - product: GeoNetwork + - vendor: Fortinet + product: FortiSASE cves: cve-2021-4104: investigated: false @@ -37567,8 +37747,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: All - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37580,13 +37761,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' - last_updated: '2021-12-16T07:18:50+00:00' - - vendor: GeoSolutions - product: GeoServer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSIEM cves: cve-2021-4104: investigated: false @@ -37595,10 +37776,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '' fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -37610,13 +37791,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' - last_updated: '2021-12-16T07:18:50+00:00' - - vendor: Gerrit Code Review - product: All + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSOAR cves: cve-2021-4104: investigated: false @@ -37624,8 +37805,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -37639,13 +37821,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gerritcodereview.com/2021-12-13-log4j-statement.html + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GFI Software - product: All + - vendor: Fortinet + product: FortiSwitch & FortiSwitchManager cves: cve-2021-4104: investigated: false @@ -37653,10 +37835,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37668,13 +37851,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GFI Software - product: Kerio Connect + - vendor: Fortinet + product: FortiSwitch Cloud in FortiLANCloud cves: cve-2021-4104: investigated: false @@ -37684,9 +37867,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - '' - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -37698,13 +37881,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ghidra - product: All + - vendor: Fortinet + product: FortiTester cves: cve-2021-4104: investigated: false @@ -37712,10 +37895,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37727,13 +37911,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ghisler - product: Total Commander + - vendor: Fortinet + product: FortiToken Cloud cves: cve-2021-4104: investigated: false @@ -37757,13 +37941,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ghisler.com/whatsnew.htm - notes: Third Party plugins might contain log4j. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gigamon - product: Fabric Manager + - vendor: Fortinet + product: FortiVoice cves: cve-2021-4104: investigated: false @@ -37773,9 +37957,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - <5.13.01.02 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37787,14 +37971,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.gigamon.com/gigamoncp/s/my-gigamon - notes: Updates available via the Gigamon Support Portal. This advisory available - to customers only and has not been reviewed by CISA. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: GitHub - product: GitHub + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiWeb Cloud cves: cve-2021-4104: investigated: false @@ -37804,9 +37987,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - GitHub.com and GitHub Enterprise Cloud - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37818,13 +38001,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: GitHub - product: GitHub Enterprise Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiWLC cves: cve-2021-4104: investigated: false @@ -37834,12 +38017,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 3.0.22 - - 3.1.14 - - 3.2.6 - - 3.3.1 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37851,13 +38031,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: GitLab - product: All + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiWLM cves: cve-2021-4104: investigated: false @@ -37881,13 +38061,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GitLab - product: DAST Analyzer + - vendor: Fortinet + product: ShieldX cves: cve-2021-4104: investigated: false @@ -37896,10 +38076,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - '' + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -37911,13 +38091,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GitLab - product: Dependency Scanning + - vendor: FTAPI + product: All cves: cve-2021-4104: investigated: false @@ -37925,10 +38105,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -37941,252 +38120,255 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + - https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/# notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GitLab - product: Gemnasium-Maven + - vendor: Fuji Electric + product: MONITOUCH TS1000 series cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GitLab - product: PMD OSS + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000S series cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GitLab - product: SAST + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS2000 series cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GitLab - product: Spotbugs + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V8 series cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Globus - product: All + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V9 series cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4 + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GoAnywhere - product: Agents + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH X1 series cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf notes: '' references: - '' - last_updated: '2021-12-18T00:00:00' - - vendor: GoAnywhere - product: Gateway + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: TELLUS and V-Server cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Version 2.7.0 or later - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - Version 3 + - Version 4 cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf notes: '' references: - '' - last_updated: '2021-12-18T00:00:00' - - vendor: GoAnywhere - product: MFT + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: V-SFT cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Version 5.3.0 or later - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - Version 5 + - Version 6 cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf notes: '' references: - '' - last_updated: '2021-12-18T00:00:00' - - vendor: GoAnywhere - product: MFT Agents + last_updated: '2022-02-02T00:00:00' + - vendor: Fujitsu + product: AIS Connect cves: cve-2021-4104: investigated: false @@ -38195,10 +38377,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.4.2 or later + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38210,13 +38392,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps - notes: Versions less than GoAnywhere Agent version 1.4.2 are not affected. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-18T00:00:00' - - vendor: GoAnywhere - product: Open PGP Studio + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: Bean Connect cves: cve-2021-4104: investigated: false @@ -38226,9 +38408,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - '' - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -38240,13 +38422,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf notes: '' references: - '' - last_updated: '2021-12-18T00:00:00' - - vendor: GoAnywhere - product: Suveyor/400 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BS2000 Hardware cves: cve-2021-4104: investigated: false @@ -38270,13 +38452,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf notes: '' references: - '' - last_updated: '2021-12-18T00:00:00' - - vendor: GoCD - product: All + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BS2000 Software cves: cve-2021-4104: investigated: false @@ -38284,10 +38466,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38299,13 +38482,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gocd.org/2021/12/14/log4j-vulnerability.html + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Google - product: Chrome + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BX400 cves: cve-2021-4104: investigated: false @@ -38319,7 +38502,7 @@ software: unaffected_versions: - '' cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -38329,14 +38512,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html - notes: Chrome Browser releases, infrastructure and admin console are not using - versions of Log4j affected by the vulnerability. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2022-01-14' - - vendor: Google Cloud - product: Access Transparency + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BX900 MMB cves: cve-2021-4104: investigated: false @@ -38360,14 +38542,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Actifio + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: eLux RP on FUTRO cves: cve-2021-4104: investigated: false @@ -38391,16 +38572,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Actifio has identified limited exposure to the Log4j 2 vulnerability and - has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) - for the full statement and to obtain the hotfix (available to Actifio customers - only). + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AI Platform Data Labeling + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS AB/HB cves: cve-2021-4104: investigated: false @@ -38424,14 +38602,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AI Platform Neural Architecture Search (NAS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS CS800 cves: cve-2021-4104: investigated: false @@ -38455,14 +38632,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AI Platform Training and Prediction + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS CS8000 cves: cve-2021-4104: investigated: false @@ -38486,14 +38662,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS DX/AF cves: cve-2021-4104: investigated: false @@ -38517,17 +38692,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Anthos environments to identify components dependent on Log4j 2 and update them - to the latest version. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Config Management + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS JX cves: cve-2021-4104: investigated: false @@ -38551,14 +38722,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Connect + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS LT140/260 cves: cve-2021-4104: investigated: false @@ -38582,14 +38752,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Hub + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS LT20/40/60 cves: cve-2021-4104: investigated: false @@ -38613,14 +38782,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Identity Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS SF cves: cve-2021-4104: investigated: false @@ -38644,14 +38812,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos on VMWare + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS SF MA cves: cve-2021-4104: investigated: false @@ -38675,18 +38842,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check - VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds - to their VMware products as they become available. We also recommend customers - review their respective applications and workloads affected by the same vulnerabilities - and apply appropriate patches. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Premium Software + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: FlexFrame cves: cve-2021-4104: investigated: false @@ -38710,14 +38872,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Service Mesh + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: INTELLIEGDLE A/G cves: cve-2021-4104: investigated: false @@ -38741,14 +38902,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Apigee + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: iRMC on PRIMERGY cves: cve-2021-4104: investigated: false @@ -38772,19 +38932,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not - used and therefore the VMs were not impacted by the issues in CVE-2021-44228 - and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution. - It is possible that customers may have introduced custom resources that are - using vulnerable versions of Log4j. We strongly encourage customers who manage - Apigee environments to identify components dependent on Log4j and update them - to the latest version. Visit the Apigee Incident Report for more information. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Google Cloud - product: App Engine + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ISM for PRIMERGY, PQ cves: cve-2021-4104: investigated: false @@ -38808,17 +38962,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - App Engine environments to identify components dependent on Log4j 2 and update - them to the latest version. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AppSheet + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: NECoP cves: cve-2021-4104: investigated: false @@ -38842,17 +38992,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At - this time, we have identified no impact to core AppSheet functionality. Additionally, - we have patched one Java-based auxiliary service in our platform. We will continue - to monitor for affected services and patch or remediate as required. If you - have any questions or require assistance, contact AppSheet Support. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Artifact Registry + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openFT cves: cve-2021-4104: investigated: false @@ -38876,14 +39022,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Assured Workloads + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openSEAS cves: cve-2021-4104: investigated: false @@ -38907,14 +39052,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openUTM cves: cve-2021-4104: investigated: false @@ -38938,14 +39082,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML Natural Language + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openUTM (WebAdm.) cves: cve-2021-4104: investigated: false @@ -38969,14 +39112,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML Tables + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: PRIMEFLEX for MS S2D cves: cve-2021-4104: investigated: false @@ -39000,14 +39142,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML Translation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: PTC Axeda (AIS Con.) cves: cve-2021-4104: investigated: false @@ -39031,14 +39172,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML Video + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SBAX2 cves: cve-2021-4104: investigated: false @@ -39062,14 +39202,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML Vision + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SBAX3 cves: cve-2021-4104: investigated: false @@ -39093,14 +39232,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: BigQuery + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SecDocs cves: cve-2021-4104: investigated: false @@ -39110,9 +39248,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -39124,14 +39262,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: BigQuery Data Transfer Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView IM cves: cve-2021-4104: investigated: false @@ -39155,14 +39292,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: BigQuery Omni + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView OM cves: cve-2021-4104: investigated: false @@ -39172,9 +39308,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -39186,15 +39322,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: BigQuery Omni, which runs on AWS and Azure infrastructure, does not use - Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. - We continue to work with AWS and Azure to assess the situation. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Binary Authorization + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView OM/UM cves: cve-2021-4104: investigated: false @@ -39218,14 +39352,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Certificate Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView RAID cves: cve-2021-4104: investigated: false @@ -39249,14 +39382,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Chronicle + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView Rem. Con. cves: cve-2021-4104: investigated: false @@ -39264,11 +39396,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -39280,14 +39411,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Asset Inventory + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView VIOM cves: cve-2021-4104: investigated: false @@ -39311,14 +39441,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Bigtable + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SOA Pro. Mgmt. Service cves: cve-2021-4104: investigated: false @@ -39342,14 +39471,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Cloud Build + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SOA SysRollout Service cves: cve-2021-4104: investigated: false @@ -39373,17 +39501,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Build environments to identify components dependent on Log4j 2 and update - them to the latest version. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud CDN + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SVS Services for ISM cves: cve-2021-4104: investigated: false @@ -39407,14 +39531,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Composer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SVS UME + LinuxLife cves: cve-2021-4104: investigated: false @@ -39438,19 +39561,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Cloud Composer does not use Log4j 2 and - is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible - that customers may have imported or introduced other dependencies via DAGs, - installed PyPI modules, plugins, or other services that are using vulnerable - versions of Log4j 2. We strongly encourage customers, who manage Composer environments - to identify components dependent on Log4j 2 and update them to the latest version. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Google Cloud - product: Cloud Console App + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SVS VMware Op. Mgr. cves: cve-2021-4104: investigated: false @@ -39474,14 +39591,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Data Loss Prevention + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SVS VMware vCenter cves: cve-2021-4104: investigated: false @@ -39505,14 +39621,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Debugger + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: Web Transactions cves: cve-2021-4104: investigated: false @@ -39536,14 +39651,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Deployment Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FusionAuth + product: All cves: cve-2021-4104: investigated: false @@ -39555,7 +39669,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - '1.32' cve-2021-45046: investigated: false affected_versions: [] @@ -39567,14 +39681,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud DNS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GE Digital + product: All cves: cve-2021-4104: investigated: false @@ -39582,11 +39695,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -39598,14 +39710,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories + notes: This advisory is available to customers only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Endpoints + last_updated: '2021-12-22T00:00:00' + - vendor: GE Digital Grid + product: All cves: cve-2021-4104: investigated: false @@ -39613,11 +39725,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -39629,14 +39740,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://digitalenergy.service-now.com/csm?id=kb_category&kb_category=b8bc715b879c89103f22a93e0ebb3585 + notes: This advisory is available to customers only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud External Key Manager (EKM) + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Asset Performance Management (APM) cves: cve-2021-4104: investigated: false @@ -39646,9 +39757,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -39660,14 +39771,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed + in development environment and the team is currently deploying the fixes in + the production environment. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Functions + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Baseline Security Center (BSC) cves: cve-2021-4104: investigated: false @@ -39676,10 +39788,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - '' + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -39691,17 +39803,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Functions environments to identify components dependent on Log4j 2 and - update them to the latest version. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power is still validating the workaround provided by FoxGuard in + Technical Information Notice – M1221-S01. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Hardware Security Module (HSM) + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Baseline Security Center (BSC) 2.0 cves: cve-2021-4104: investigated: false @@ -39711,9 +39820,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -39725,14 +39834,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the component of the BSC 2.0 that + is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded + from link in reference section. This update is available to customer only and + has not been reviewed by CISA. references: - - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Interconnect + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Control Server cves: cve-2021-4104: investigated: false @@ -39741,10 +39852,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - '' + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -39756,14 +39867,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Please see vCenter. Control Server is not directly impacted. It is impacted + through vCenter. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Intrusion Detection System (IDS) + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: MyFleet cves: cve-2021-4104: investigated: false @@ -39773,9 +39884,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -39787,14 +39898,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Key Management Service + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: OPM Performance Intelligence cves: cve-2021-4104: investigated: false @@ -39804,9 +39914,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -39818,14 +39928,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Load Balancing + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: OPM Performance Planning cves: cve-2021-4104: investigated: false @@ -39835,9 +39944,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -39849,14 +39958,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Logging + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Tag Mapping Service cves: cve-2021-4104: investigated: false @@ -39866,9 +39974,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -39880,14 +39988,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Natural Language API + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: vCenter cves: cve-2021-4104: investigated: false @@ -39897,9 +40004,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -39911,14 +40018,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the update provided by Vmware. The + update and instructions can be downloaded from link in reference section. This + update is available to customer only and has not been reviewed by CISA. references: - - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Network Address Translation (NAT) + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Healthcare + product: '' cves: cve-2021-4104: investigated: false @@ -39926,11 +40034,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -39942,14 +40049,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://securityupdate.gehealthcare.com + notes: This advisory is not available at the time of this review, due to maintence + on the GE Healthcare website. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Profiler + last_updated: '2021-12-22T00:00:00' + - vendor: Gearset + product: All cves: cve-2021-4104: investigated: false @@ -39957,11 +40064,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -39973,14 +40079,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Router + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Genesys + product: All cves: cve-2021-4104: investigated: false @@ -39988,11 +40093,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40004,14 +40108,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Run + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GeoServer + product: All cves: cve-2021-4104: investigated: false @@ -40019,11 +40122,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40035,17 +40137,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Run environments to identify components dependent on Log4j 2 and update - them to the latest version. + - http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Run for Anthos + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GeoSolutions + product: GeoNetwork cves: cve-2021-4104: investigated: false @@ -40055,9 +40153,8 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' + fixed_versions: All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40069,17 +40166,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Run for Anthos environments to identify components dependent on Log4j - 2 and update them to the latest version. + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Scheduler + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: GeoSolutions + product: GeoServer cves: cve-2021-4104: investigated: false @@ -40091,7 +40184,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -40103,14 +40196,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud SDK + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: Gerrit Code Review + product: All cves: cve-2021-4104: investigated: false @@ -40118,11 +40210,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40134,14 +40225,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.gerritcodereview.com/2021-12-13-log4j-statement.html + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Shell + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GFI Software + product: All cves: cve-2021-4104: investigated: false @@ -40149,11 +40239,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40165,17 +40254,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Shell environments to identify components dependent on Log4j 2 and update - them to the latest version. + - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Source Repositories + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GFI Software + product: Kerio Connect cves: cve-2021-4104: investigated: false @@ -40185,9 +40270,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40199,14 +40284,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Spanner + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ghidra + product: All cves: cve-2021-4104: investigated: false @@ -40214,11 +40298,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40230,14 +40313,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Cloud SQL + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ghisler + product: Total Commander cves: cve-2021-4104: investigated: false @@ -40261,14 +40343,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ghisler.com/whatsnew.htm + notes: Third Party plugins might contain log4j. references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Cloud Storage + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gigamon + product: Fabric Manager cves: cve-2021-4104: investigated: false @@ -40278,9 +40359,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' + fixed_versions: + - <5.13.01.02 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40292,14 +40373,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://community.gigamon.com/gigamoncp/s/my-gigamon + notes: Updates available via the Gigamon Support Portal. This advisory available + to customers only and has not been reviewed by CISA. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Tasks + last_updated: '2021-12-21T00:00:00' + - vendor: GitHub + product: GitHub cves: cve-2021-4104: investigated: false @@ -40309,9 +40390,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' + fixed_versions: + - GitHub.com and GitHub Enterprise Cloud + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40323,14 +40404,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Trace + last_updated: '2021-12-17T00:00:00' + - vendor: GitHub + product: GitHub Enterprise Server cves: cve-2021-4104: investigated: false @@ -40340,9 +40420,12 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' + fixed_versions: + - 3.0.22 + - 3.1.14 + - 3.2.6 + - 3.3.1 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40354,14 +40437,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Traffic Director + last_updated: '2021-12-17T00:00:00' + - vendor: GitLab + product: All cves: cve-2021-4104: investigated: false @@ -40385,14 +40467,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Translation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: DAST Analyzer cves: cve-2021-4104: investigated: false @@ -40416,14 +40497,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Vision + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Dependency Scanning cves: cve-2021-4104: investigated: false @@ -40433,9 +40513,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40447,14 +40527,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Vision OCR On-Prem + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Gemnasium-Maven cves: cve-2021-4104: investigated: false @@ -40464,9 +40543,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40478,14 +40557,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud VPN + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: PMD OSS cves: cve-2021-4104: investigated: false @@ -40495,9 +40573,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40509,14 +40587,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: CompilerWorks + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: SAST cves: cve-2021-4104: investigated: false @@ -40526,9 +40603,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40540,14 +40617,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Compute Engine + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Spotbugs cves: cve-2021-4104: investigated: false @@ -40557,9 +40633,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40571,16 +40647,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Compute Engine does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine, - we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes - to Google Cloud VMware Engine as they become available. + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Contact Center AI (CCAI) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Globus + product: All cves: cve-2021-4104: investigated: false @@ -40588,11 +40661,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40604,14 +40676,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Contact Center AI Insights + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GoAnywhere + product: Agents cves: cve-2021-4104: investigated: false @@ -40621,9 +40692,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40635,14 +40706,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Container Registry + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Gateway cves: cve-2021-4104: investigated: false @@ -40652,9 +40722,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' + fixed_versions: + - Version 2.7.0 or later + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40666,14 +40736,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Data Catalog + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: MFT cves: cve-2021-4104: investigated: false @@ -40683,9 +40752,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' + fixed_versions: + - Version 5.3.0 or later + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40697,16 +40766,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228 - and CVE-2021-45046. We strongly encourage customers who introduced their own - connectors to identify dependencies on Log4j 2 and update them to the latest - version. + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Data Fusion + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: MFT Agents cves: cve-2021-4104: investigated: false @@ -40715,10 +40781,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 1.4.2 or later fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40730,17 +40796,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Data Fusion does not use Log4j 2, but uses Dataproc as one of the options - to execute pipelines. Dataproc released new images on December 18, 2021 to address - the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow - instructions in a notification sent on December 18, 2021 with the subject line - “Important information about Data Fusion.” + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: Versions less than GoAnywhere Agent version 1.4.2 are not affected. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Database Migration Service (DMS) + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Open PGP Studio cves: cve-2021-4104: investigated: false @@ -40750,9 +40812,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40764,14 +40826,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Dataflow + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Suveyor/400 cves: cve-2021-4104: investigated: false @@ -40795,18 +40856,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: 'Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 - and CVE-2021-45046. If you have changed dependencies or default behavior, it - is strongly recommended you verify there is no dependency on vulnerable versions - Log4j 2. Customers have been provided details and instructions in a notification - sent on December 17, 2021 with the subject line “Update #1 to Important information - about Dataflow.”' + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Google Cloud - product: Dataproc + last_updated: '2021-12-18T00:00:00' + - vendor: GoCD + product: All cves: cve-2021-4104: investigated: false @@ -40814,11 +40870,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40830,16 +40885,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Dataproc released new images on December 18, 2021 to address the vulnerabilities - in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions - in notifications sent on December 18, 2021 with the subject line “Important - information about Dataproc” with Dataproc documentation. + - https://www.gocd.org/2021/12/14/log4j-vulnerability.html + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Dataproc Metastore + last_updated: '2022-01-12T07:18:52+00:00' + - vendor: Google + product: Chrome cves: cve-2021-4104: investigated: false @@ -40853,7 +40905,7 @@ software: unaffected_versions: - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -40863,17 +40915,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Dataproc Metastore has been updated to mitigate the issues identified in - CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent - two notifications with instructions on December 17, 2021 with the subject line - “Important information regarding Log4j 2 vulnerability in your gRPC-enabled - Dataproc Metastore.” + - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html + notes: Chrome Browser releases, infrastructure and admin console are not using + versions of Log4j affected by the vulnerability. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-14' - vendor: Google Cloud - product: Datastore + product: Access Transparency cves: cve-2021-4104: investigated: false @@ -40902,9 +40951,42 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-19T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Datastream + product: Actifio + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cloud.google.com/log4j2-security-advisory + notes: Actifio has identified limited exposure to the Log4j 2 vulnerability and + has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) + for the full statement and to obtain the hotfix (available to Actifio customers + only). + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: AI Platform Data Labeling cves: cve-2021-4104: investigated: false @@ -40933,9 +41015,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-19T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Dialogflow Essentials (ES) + product: AI Platform Neural Architecture Search (NAS) cves: cve-2021-4104: investigated: false @@ -40966,7 +41048,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Document AI + product: AI Platform Training and Prediction cves: cve-2021-4104: investigated: false @@ -40997,7 +41079,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Event Threat Detection + product: Anthos cves: cve-2021-4104: investigated: false @@ -41023,12 +41105,15 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Anthos environments to identify components dependent on Log4j 2 and update them + to the latest version. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Eventarc + product: Anthos Config Management cves: cve-2021-4104: investigated: false @@ -41059,7 +41144,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Filestore + product: Anthos Connect cves: cve-2021-4104: investigated: false @@ -41084,15 +41169,13 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: Log4j 2 is contained within the Filestore service; there is a technical - control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. - Log4j 2 will be updated to the latest version as part of the scheduled rollout - in January 2022. + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Firebase + product: Anthos Hub cves: cve-2021-4104: investigated: false @@ -41123,7 +41206,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Firestore + product: Anthos Identity Service cves: cve-2021-4104: investigated: false @@ -41152,9 +41235,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-19T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Game Servers + product: Anthos on VMWare cves: cve-2021-4104: investigated: false @@ -41180,12 +41263,16 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check + VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds + to their VMware products as they become available. We also recommend customers + review their respective applications and workloads affected by the same vulnerabilities + and apply appropriate patches. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Google Cloud Armor + product: Anthos Premium Software cves: cve-2021-4104: investigated: false @@ -41214,9 +41301,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Google Cloud Armor Managed Protection Plus + product: Anthos Service Mesh cves: cve-2021-4104: investigated: false @@ -41245,9 +41332,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Google Cloud VMware Engine + product: Apigee cves: cve-2021-4104: investigated: false @@ -41272,13 +41359,18 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: We are working with VMware and tracking VMSA-2021-0028.1. We will deploy - fixes as they become available. + notes: Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not + used and therefore the VMs were not impacted by the issues in CVE-2021-44228 + and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution. + It is possible that customers may have introduced custom resources that are + using vulnerable versions of Log4j. We strongly encourage customers who manage + Apigee environments to identify components dependent on Log4j and update them + to the latest version. Visit the Apigee Incident Report for more information. references: - '' - last_updated: '2021-12-11T00:00:00' + last_updated: '2021-12-17T00:00:00' - vendor: Google Cloud - product: Google Kubernetes Engine + product: App Engine cves: cve-2021-4104: investigated: false @@ -41303,16 +41395,16 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: Google Kubernetes Engine does not use Log4j 2 and is not impacted by the - issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have - introduced a separate logging solution that uses Log4j 2. We strongly encourage - customers who manage Google Kubernetes Engine environments to identify components - dependent on Log4j 2 and update them to the latest version. + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + App Engine environments to identify components dependent on Log4j 2 and update + them to the latest version. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Healthcare Data Engine (HDE) + product: AppSheet cves: cve-2021-4104: investigated: false @@ -41337,13 +41429,16 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + notes: The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At + this time, we have identified no impact to core AppSheet functionality. Additionally, + we have patched one Java-based auxiliary service in our platform. We will continue + to monitor for affected services and patch or remediate as required. If you + have any questions or require assistance, contact AppSheet Support. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Human-in-the-Loop AI + product: Artifact Registry cves: cve-2021-4104: investigated: false @@ -41374,7 +41469,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: IoT Core + product: Assured Workloads cves: cve-2021-4104: investigated: false @@ -41405,7 +41500,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Key Access Justifications (KAJ) + product: AutoML cves: cve-2021-4104: investigated: false @@ -41436,7 +41531,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Looker + product: AutoML Natural Language cves: cve-2021-4104: investigated: false @@ -41461,20 +41556,13 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: \Looker-hosted instances have been updated to a Looker version with Log4j v2.16. - Looker is currently working with third-party driver vendors to evaluate the - impact of the Log4j vulnerability. As Looker does not enable logging for these - drivers in Looker-hosted instances, no messages are logged. We conclude that - the vulnerability is mitigated. We continue to actively work with the vendors - to deploy a fix for these drivers. Looker customers who self-manage their Looker - instances have received instructions through their technical contacts on how - to take the necessary steps to address the vulnerability. Looker customers who - have questions or require assistance, please visit Looker Support. + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-18T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Media Translation API + product: AutoML Tables cves: cve-2021-4104: investigated: false @@ -41505,7 +41593,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Memorystore + product: AutoML Translation cves: cve-2021-4104: investigated: false @@ -41534,9 +41622,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-19T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Migrate for Anthos + product: AutoML Video cves: cve-2021-4104: investigated: false @@ -41567,7 +41655,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Migrate for Compute Engine (M4CE) + product: AutoML Vision cves: cve-2021-4104: investigated: false @@ -41592,16 +41680,13 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: M4CE has been updated to mitigate the issues identified in CVE-2021-44228 - and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities. - A notification was sent to customers on December 17, 2021 with subject line - “Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11 - or below. If you are on M4CE v5.0 or above, no action is needed. + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-19T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Network Connectivity Center + product: BigQuery cves: cve-2021-4104: investigated: false @@ -41630,9 +41715,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Network Intelligence Center + product: BigQuery Data Transfer Service cves: cve-2021-4104: investigated: false @@ -41661,9 +41746,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Network Service Tiers + product: BigQuery Omni cves: cve-2021-4104: investigated: false @@ -41688,13 +41773,14 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + notes: BigQuery Omni, which runs on AWS and Azure infrastructure, does not use + Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. + We continue to work with AWS and Azure to assess the situation. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-19T00:00:00' - vendor: Google Cloud - product: Persistent Disk + product: Binary Authorization cves: cve-2021-4104: investigated: false @@ -41723,9 +41809,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Pub/Sub + product: Certificate Manager cves: cve-2021-4104: investigated: false @@ -41754,9 +41840,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-16T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Pub/Sub Lite + product: Chronicle cves: cve-2021-4104: investigated: false @@ -41782,15 +41868,12 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Pub/Sub Lite environments to identify components dependent on Log4j 2 and update - them to the latest version. + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-16T00:00:00' + last_updated: '2021-12-20T00:00:00' - vendor: Google Cloud - product: reCAPTCHA Enterprise + product: Cloud Asset Inventory cves: cve-2021-4104: investigated: false @@ -41821,7 +41904,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Recommendations AI + product: Cloud Bigtable cves: cve-2021-4104: investigated: false @@ -41850,9 +41933,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-19T00:00:00' - vendor: Google Cloud - product: Retail Search + product: Cloud Build cves: cve-2021-4104: investigated: false @@ -41878,12 +41961,15 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Build environments to identify components dependent on Log4j 2 and update + them to the latest version. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Risk Manager + product: Cloud CDN cves: cve-2021-4104: investigated: false @@ -41912,9 +41998,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-20T00:00:00' - vendor: Google Cloud - product: Secret Manager + product: Cloud Composer cves: cve-2021-4104: investigated: false @@ -41940,12 +42026,17 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + in CVE-2021-44228 and CVE-2021-45046. Cloud Composer does not use Log4j 2 and + is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible + that customers may have imported or introduced other dependencies via DAGs, + installed PyPI modules, plugins, or other services that are using vulnerable + versions of Log4j 2. We strongly encourage customers, who manage Composer environments + to identify components dependent on Log4j 2 and update them to the latest version. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-15T00:00:00' - vendor: Google Cloud - product: Security Command Center + product: Cloud Console App cves: cve-2021-4104: investigated: false @@ -41976,7 +42067,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Service Directory + product: Cloud Data Loss Prevention cves: cve-2021-4104: investigated: false @@ -42007,7 +42098,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Service Infrastructure + product: Cloud Debugger cves: cve-2021-4104: investigated: false @@ -42038,7 +42129,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Speaker ID + product: Cloud Deployment Manager cves: cve-2021-4104: investigated: false @@ -42069,7 +42160,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Speech-to-Text + product: Cloud DNS cves: cve-2021-4104: investigated: false @@ -42098,9 +42189,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-20T00:00:00' - vendor: Google Cloud - product: Speech-to-Text On-Prem + product: Cloud Endpoints cves: cve-2021-4104: investigated: false @@ -42131,7 +42222,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Storage Transfer Service + product: Cloud External Key Manager (EKM) cves: cve-2021-4104: investigated: false @@ -42160,9 +42251,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Talent Solution + product: Cloud Functions cves: cve-2021-4104: investigated: false @@ -42188,12 +42279,15 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Functions environments to identify components dependent on Log4j 2 and + update them to the latest version. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Text-to-Speech + product: Cloud Hardware Security Module (HSM) cves: cve-2021-4104: investigated: false @@ -42224,7 +42318,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Transcoder API + product: Cloud Interconnect cves: cve-2021-4104: investigated: false @@ -42255,7 +42349,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Transfer Appliance + product: Cloud Intrusion Detection System (IDS) cves: cve-2021-4104: investigated: false @@ -42286,7 +42380,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Video Intelligence API + product: Cloud Key Management Service cves: cve-2021-4104: investigated: false @@ -42317,7 +42411,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Virtual Private Cloud + product: Cloud Load Balancing cves: cve-2021-4104: investigated: false @@ -42348,7 +42442,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Google Cloud - product: Web Security Scanner + product: Cloud Logging cves: cve-2021-4104: investigated: false @@ -42379,7 +42473,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Workflows + product: Cloud Natural Language API cves: cve-2021-4104: investigated: false @@ -42409,8 +42503,8 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Gradle - product: All + - vendor: Google Cloud + product: Cloud Network Address Translation (NAT) cves: cve-2021-4104: investigated: false @@ -42434,13 +42528,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.gradle.org/log4j-vulnerability - notes: Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gradle - product: Gradle Enterprise + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Profiler cves: cve-2021-4104: investigated: false @@ -42450,9 +42545,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - < 2021.3.6 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42464,13 +42559,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.gradle.com/advisory/2021-11 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gradle - product: Gradle Enterprise Build Cache Node + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Router cves: cve-2021-4104: investigated: false @@ -42480,9 +42576,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - < 10.1 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42494,13 +42590,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.gradle.com/advisory/2021-11 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gradle - product: Gradle Enterprise Test Distribution Agent + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Run cves: cve-2021-4104: investigated: false @@ -42510,9 +42607,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - < 1.6.2 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42524,13 +42621,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.gradle.com/advisory/2021-11 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Run environments to identify components dependent on Log4j 2 and update + them to the latest version. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Grafana - product: All + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Run for Anthos cves: cve-2021-4104: investigated: false @@ -42554,13 +42655,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/ - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Run for Anthos environments to identify components dependent on Log4j + 2 and update them to the latest version. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Grandstream - product: All + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Scheduler cves: cve-2021-4104: investigated: false @@ -42568,10 +42673,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42583,13 +42689,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee - product: Access Management + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud SDK cves: cve-2021-4104: investigated: false @@ -42601,7 +42708,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42613,13 +42720,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee - product: Access Management + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Shell cves: cve-2021-4104: investigated: false @@ -42631,7 +42739,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42643,13 +42751,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Shell environments to identify components dependent on Log4j 2 and update + them to the latest version. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee - product: Alert Engine + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Source Repositories cves: cve-2021-4104: investigated: false @@ -42661,7 +42773,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.5.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42673,13 +42785,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee - product: Alert Engine + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Spanner cves: cve-2021-4104: investigated: false @@ -42691,7 +42804,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.4.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42703,13 +42816,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee - product: API Management + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Cloud SQL cves: cve-2021-4104: investigated: false @@ -42721,7 +42835,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42733,13 +42847,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee - product: API Management + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Cloud Storage cves: cve-2021-4104: investigated: false @@ -42751,7 +42866,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42763,13 +42878,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee - product: Cockpit + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Tasks cves: cve-2021-4104: investigated: false @@ -42781,7 +42897,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.4.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42793,13 +42909,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravwell - product: All + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Trace cves: cve-2021-4104: investigated: false @@ -42823,13 +42940,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products - notes: Gravwell products do not use Java. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Graylog - product: All + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Traffic Director cves: cve-2021-4104: investigated: false @@ -42839,12 +42957,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 3.3.15 - - 4.0.14 - - 4.1.9 - - 4.2.3 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42856,15 +42971,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.graylog.org/post/graylog-update-for-log4j - notes: The vulnerable Log4j library is used to record GrayLogs own log information. - Vulnerability is not triggered when GrayLog stores exploitation vector from - an outer system. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Graylog - product: Graylog Server + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Translation cves: cve-2021-4104: investigated: false @@ -42874,9 +42988,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - All versions >= 1.2.0 and <= 4.2.2 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42888,13 +43002,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.graylog.org/post/graylog-update-for-log4j - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GreenShot - product: All + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Vision cves: cve-2021-4104: investigated: false @@ -42918,13 +43033,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://greenshot.atlassian.net/browse/BUG-2871 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GSA - product: Cloud.gov + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Vision OCR On-Prem cves: cve-2021-4104: investigated: false @@ -42932,10 +43048,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42947,13 +43064,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.gov/2021/12/14/log4j-buildpack-updates/ - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: GuardedBox - product: All + - vendor: Google Cloud + product: Cloud VPN cves: cve-2021-4104: investigated: false @@ -42963,9 +43081,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 3.1.2 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42977,13 +43095,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://twitter.com/GuardedBox/status/1469739834117799939 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Guidewire - product: All + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: CompilerWorks cves: cve-2021-4104: investigated: false @@ -42991,10 +43110,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43006,13 +43126,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HAProxy - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Compute Engine cves: cve-2021-4104: investigated: false @@ -43020,10 +43141,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43035,13 +43157,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.haproxy.com/blog/december-2021-log4shell-mitigation/ - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Compute Engine does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine, + we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes + to Google Cloud VMware Engine as they become available. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HarmanPro AMX - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Contact Center AI (CCAI) cves: cve-2021-4104: investigated: false @@ -43049,10 +43174,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43064,13 +43190,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.harmanpro.com/apache-log4j-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Boundary + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Contact Center AI Insights cves: cve-2021-4104: investigated: false @@ -43078,10 +43205,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43093,13 +43221,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Consul + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Container Registry cves: cve-2021-4104: investigated: false @@ -43107,10 +43236,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43122,13 +43252,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Consul Enterprise + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Data Catalog cves: cve-2021-4104: investigated: false @@ -43136,10 +43267,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43151,13 +43283,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228 + and CVE-2021-45046. We strongly encourage customers who introduced their own + connectors to identify dependencies on Log4j 2 and update them to the latest + version. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Nomad + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Data Fusion cves: cve-2021-4104: investigated: false @@ -43165,10 +43300,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43180,13 +43316,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Data Fusion does not use Log4j 2, but uses Dataproc as one of the options + to execute pipelines. Dataproc released new images on December 18, 2021 to address + the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow + instructions in a notification sent on December 18, 2021 with the subject line + “Important information about Data Fusion.” references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Nomad Enterprise + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Database Migration Service (DMS) cves: cve-2021-4104: investigated: false @@ -43194,10 +43334,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43209,13 +43350,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Packer + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Dataflow cves: cve-2021-4104: investigated: false @@ -43223,10 +43365,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43238,13 +43381,18 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: 'Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 + and CVE-2021-45046. If you have changed dependencies or default behavior, it + is strongly recommended you verify there is no dependency on vulnerable versions + Log4j 2. Customers have been provided details and instructions in a notification + sent on December 17, 2021 with the subject line “Update #1 to Important information + about Dataflow.”' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Terraform + last_updated: '2021-12-17T00:00:00' + - vendor: Google Cloud + product: Dataproc cves: cve-2021-4104: investigated: false @@ -43252,10 +43400,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43267,13 +43416,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Dataproc released new images on December 18, 2021 to address the vulnerabilities + in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions + in notifications sent on December 18, 2021 with the subject line “Important + information about Dataproc” with Dataproc documentation. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Terraform Enterprise + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Dataproc Metastore cves: cve-2021-4104: investigated: false @@ -43281,10 +43433,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43296,13 +43449,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Dataproc Metastore has been updated to mitigate the issues identified in + CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent + two notifications with instructions on December 17, 2021 with the subject line + “Important information regarding Log4j 2 vulnerability in your gRPC-enabled + Dataproc Metastore.” references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Vagrant + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Datastore cves: cve-2021-4104: investigated: false @@ -43310,10 +43467,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43325,13 +43483,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Vault + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Datastream cves: cve-2021-4104: investigated: false @@ -43339,10 +43498,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43354,13 +43514,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Vault Enterprise + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Dialogflow Essentials (ES) cves: cve-2021-4104: investigated: false @@ -43368,10 +43529,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43383,13 +43545,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Waypoint + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Document AI cves: cve-2021-4104: investigated: false @@ -43397,10 +43560,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43412,13 +43576,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HCL Software - product: BigFix Compliance + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Event Threat Detection cves: cve-2021-4104: investigated: false @@ -43430,7 +43595,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43442,13 +43607,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Insights + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Eventarc cves: cve-2021-4104: investigated: false @@ -43460,7 +43626,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43472,13 +43638,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Insights for Vulnerability Remediation + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Filestore cves: cve-2021-4104: investigated: false @@ -43490,7 +43657,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43502,13 +43669,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://cloud.google.com/log4j2-security-advisory + notes: Log4j 2 is contained within the Filestore service; there is a technical + control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. + Log4j 2 will be updated to the latest version as part of the scheduled rollout + in January 2022. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Inventory + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Firebase cves: cve-2021-4104: investigated: false @@ -43518,9 +43688,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - < 10.0.7 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43532,13 +43702,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Lifecycle + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Firestore cves: cve-2021-4104: investigated: false @@ -43550,7 +43721,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43562,13 +43733,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Mobile + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Game Servers cves: cve-2021-4104: investigated: false @@ -43580,7 +43752,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43592,13 +43764,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Patch + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Google Cloud Armor cves: cve-2021-4104: investigated: false @@ -43610,7 +43783,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43622,13 +43795,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HelpSystems Clearswift - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Google Cloud Armor Managed Protection Plus cves: cve-2021-4104: investigated: false @@ -43636,10 +43810,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43651,13 +43826,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.helpsystems.com/kb-nav/kb-article/?id=37becc1c-255c-ec11-8f8f-6045bd006687 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HENIX - product: Squash TM + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Google Cloud VMware Engine cves: cve-2021-4104: investigated: false @@ -43667,11 +43843,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 1.21.7-1.22.9 - - 2.0.3-2.1.5 - - 2.2.0-3.0.2 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43683,13 +43857,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tm-en.doc.squashtest.com/v3/downloads.html#download-previous-versions - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: We are working with VMware and tracking VMSA-2021-0028.1. We will deploy + fixes as they become available. references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: Hexagon - product: '' + last_updated: '2021-12-11T00:00:00' + - vendor: Google Cloud + product: Google Kubernetes Engine cves: cve-2021-4104: investigated: false @@ -43697,10 +43872,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43712,13 +43888,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2?language=en_US - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Google Kubernetes Engine does not use Log4j 2 and is not impacted by the + issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have + introduced a separate logging solution that uses Log4j 2. We strongly encourage + customers who manage Google Kubernetes Engine environments to identify components + dependent on Log4j 2 and update them to the latest version. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Hikvision - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Healthcare Data Engine (HDE) cves: cve-2021-4104: investigated: false @@ -43726,10 +43906,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43741,13 +43922,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://video.xortec.de/media/pdf/87/e8/03/kw50_Update-for-Apache-Log4j2-Issue-Hikvision_official.pdf - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Hitachi Energy - product: 3rd party - Elastic Search, Kibana + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Human-in-the-Loop AI cves: cve-2021-4104: investigated: false @@ -43757,9 +43939,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Elasticsearch 5.0.0+ - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43771,14 +43953,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: Set the JVM option -Dlog4j2.formatMsgNoLookups=true and restart each node - of the cluster. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: 3rd party - Oracle Database Components + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: IoT Core cves: cve-2021-4104: investigated: false @@ -43788,11 +43970,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '12.1' - - '12.2' - - 19c - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43804,15 +43984,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: As this is a third-party component, a separate patch management report - will be provided to customers with the steps to apply the Oracle provided patches - for these components. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Axis + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Key Access Justifications (KAJ) cves: cve-2021-4104: investigated: false @@ -43822,9 +44001,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '3.6' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43836,14 +44015,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: No action is required by customers. Axis is a fully SaaS hosted solution - and the environment has been patched per the recommendations + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Counterparty Settlement and Billing (CSB) + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Looker cves: cve-2021-4104: investigated: false @@ -43853,9 +44032,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - v6 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43867,13 +44046,21 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: \Looker-hosted instances have been updated to a Looker version with Log4j v2.16. + Looker is currently working with third-party driver vendors to evaluate the + impact of the Log4j vulnerability. As Looker does not enable logging for these + drivers in Looker-hosted instances, no messages are logged. We conclude that + the vulnerability is mitigated. We continue to actively work with the vendors + to deploy a fix for these drivers. Looker customers who self-manage their Looker + instances have received instructions through their technical contacts on how + to take the necessary steps to address the vulnerability. Looker customers who + have questions or require assistance, please visit Looker Support. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: e-Mesh Monitor + last_updated: '2021-12-18T00:00:00' + - vendor: Google Cloud + product: Media Translation API cves: cve-2021-4104: investigated: false @@ -43881,10 +44068,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43896,16 +44084,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: No end-user action needed. The affected e-Mesh Monitor part is at the cloud - offering side of which the remediation is handled by Hitachi Energy team. Remediation - is currently ongoing, and during this time period, e-Mesh Monitor edge device - is not able to upload data to cloud. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: eSOMS + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Memorystore cves: cve-2021-4104: investigated: false @@ -43913,10 +44099,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43928,13 +44115,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hitachienergy.com/offering/solutions/cybersecurity/alerts-and-notifications - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Hitachi Energy - product: FOXMAN-UN + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Migrate for Anthos cves: cve-2021-4104: investigated: false @@ -43944,12 +44132,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - R15A - - R14B - - R14A - - R11B SP1 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43961,16 +44146,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: A patch is available for releases R15A, R14B, R14A and R11B SP1. . For - details on how to apply such patch, please refer to the technical bulletin “FOXMAN-UN - - Installation of Log4j Patch”, version A (1KHW029176) available in the Hitachi - Energy Customer Connect Portal. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: FOXMAN-UN + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Migrate for Compute Engine (M4CE) cves: cve-2021-4104: investigated: false @@ -43980,9 +44163,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - R11A and R10 series - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -43994,14 +44177,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: Apply General Mitigations and upgrade to latest version. For upgrades, - please get in touch with your Hitachi Energy contacts. + - https://cloud.google.com/log4j2-security-advisory + notes: M4CE has been updated to mitigate the issues identified in CVE-2021-44228 + and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities. + A notification was sent to customers on December 17, 2021 with subject line + “Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11 + or below. If you are on M4CE v5.0 or above, no action is needed. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Lumada APM On-premises + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Network Connectivity Center cves: cve-2021-4104: investigated: false @@ -44009,10 +44195,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44024,13 +44211,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See vendor advisory for instructions for various versions. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Lumada APM SaaS offering + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Network Intelligence Center cves: cve-2021-4104: investigated: false @@ -44038,10 +44226,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44053,14 +44242,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: No action is required by customers. The SaaS offering has been patched - per the recommendations. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Lumada EAM / FSM + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Network Service Tiers cves: cve-2021-4104: investigated: false @@ -44070,11 +44259,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - v1.7.x - - v1.8.x - - v1.9.x - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44086,13 +44273,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See Section Mitigation Strategy in vendor advisory. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: MMS Internal facing subcomponent. + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Persistent Disk cves: cve-2021-4104: investigated: false @@ -44100,10 +44288,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44115,13 +44304,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Network Manager ADMS Network Model Server + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Pub/Sub cves: cve-2021-4104: investigated: false @@ -44131,9 +44321,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 9.1.0.32-9.1.0.44 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44145,13 +44335,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See vendor advisory for instructions on mitigation steps. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Network Manager Outage Management Interface (CMI) + last_updated: '2021-12-16T00:00:00' + - vendor: Google Cloud + product: Pub/Sub Lite cves: cve-2021-4104: investigated: false @@ -44161,11 +44352,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 9.0-9.10.44 - - 9.1.1 - - 10.3.4 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44177,13 +44366,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See vendor advisory for instructions on mitigation steps. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Pub/Sub Lite environments to identify components dependent on Log4j 2 and update + them to the latest version. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: nMarket Global I-SEM + last_updated: '2021-12-16T00:00:00' + - vendor: Google Cloud + product: reCAPTCHA Enterprise cves: cve-2021-4104: investigated: false @@ -44193,10 +44386,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 3.7.15 - - 3.7.16 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44208,13 +44400,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: RelCare + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Recommendations AI cves: cve-2021-4104: investigated: false @@ -44224,9 +44417,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 2.0.0 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44238,14 +44431,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: No action is required by customers. The RelCare SaaS hosted solution and - the on-premises have been patched per the recommendations. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: UNEM + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Retail Search cves: cve-2021-4104: investigated: false @@ -44255,12 +44448,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - R15A - - R14B - - R14A - - R11B SP1 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44272,16 +44462,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: A patch is available for releases R15A, R14B, R14A and R11B SP1. For details - on how to apply such patch, please refer to the technical bulletin “UNEM - Installation - of Log4j Patch”, version A (1KHW029176) available in the Hitachi Energy Customer - Connect Portal. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: UNEM + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Risk Manager cves: cve-2021-4104: investigated: false @@ -44291,9 +44479,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - R11A and R10 series - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44305,14 +44493,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: Apply General Mitigations and upgrade to latest version. For upgrades, - please get in touch with your Hitachi Energy contacts. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Vantara - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Secret Manager cves: cve-2021-4104: investigated: false @@ -44320,10 +44508,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44335,13 +44524,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.hitachivantara.com/Support_Information/Hitachi_Vantara_Security_Advisories/CVE-2021-44228_-_Apache_Log4j2 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HMS Industrial Networks AB - product: Cosy, Flexy and Ewon CD + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Security Command Center cves: cve-2021-4104: investigated: false @@ -44349,10 +44539,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44364,13 +44555,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: HMS Industrial Networks AB - product: eCatcher Mobile applications + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Service Directory cves: cve-2021-4104: investigated: false @@ -44378,10 +44570,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44393,13 +44586,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: HMS Industrial Networks AB - product: eCatcher Windows software + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Service Infrastructure cves: cve-2021-4104: investigated: false @@ -44407,10 +44601,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44422,13 +44617,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: HMS Industrial Networks AB - product: Netbiter Hardware including EC, WS, and LC + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Speaker ID cves: cve-2021-4104: investigated: false @@ -44436,10 +44632,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44451,13 +44648,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: HMS Industrial Networks AB - product: Talk2M including M2Web + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Speech-to-Text cves: cve-2021-4104: investigated: false @@ -44465,10 +44663,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44480,13 +44679,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: HOLOGIC - product: Advanced Workflow Manager (AWM) + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Speech-to-Text On-Prem cves: cve-2021-4104: investigated: false @@ -44494,10 +44694,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44509,15 +44710,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, the installed - APC PowerChute UPS with Business Edition v9.5 software installed may. APC is - still assessing its PowerChute software to determine if it is vulnerable. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Affirm Prone Biopsy System + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Storage Transfer Service cves: cve-2021-4104: investigated: false @@ -44525,10 +44725,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44540,13 +44741,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Brevera Breast Biopsy System + - vendor: Google Cloud + product: Talent Solution cves: cve-2021-4104: investigated: false @@ -44554,10 +44756,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44569,13 +44772,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Cenova Image Analytics Server + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Text-to-Speech cves: cve-2021-4104: investigated: false @@ -44583,10 +44787,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44598,13 +44803,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Dimensions / 3Dimensions Mammography System + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Transcoder API cves: cve-2021-4104: investigated: false @@ -44612,10 +44818,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44627,13 +44834,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Discovery Bone Densitometer + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Transfer Appliance cves: cve-2021-4104: investigated: false @@ -44641,10 +44849,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44656,13 +44865,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Faxitron CT Specimen Radiography System + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Video Intelligence API cves: cve-2021-4104: investigated: false @@ -44670,10 +44880,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44685,16 +44896,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, there is - a utility program installed that may utilize Java and Log4J. This utility program - does not run on startup and is not required for system operation. Please contact - Hologic Service for assistance in removing this program. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Faxitron Specimen Radiography Systems + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Virtual Private Cloud cves: cve-2021-4104: investigated: false @@ -44702,10 +44911,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44717,13 +44927,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Fluoroscan Insight Mini C-Arm + - vendor: Google Cloud + product: Web Security Scanner cves: cve-2021-4104: investigated: false @@ -44731,10 +44942,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44746,13 +44958,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Horizon DXA Bone Densitometer + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Workflows cves: cve-2021-4104: investigated: false @@ -44760,10 +44973,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44775,13 +44989,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Rosetta DC Tomosynthesis Data Converter + last_updated: '2021-12-21T00:00:00' + - vendor: Gradle + product: All cves: cve-2021-4104: investigated: false @@ -44789,10 +45004,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44804,13 +45020,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://blog.gradle.org/log4j-vulnerability + notes: Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SecurView DX Workstation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gradle + product: Gradle Enterprise cves: cve-2021-4104: investigated: false @@ -44818,9 +45034,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 2021.3.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -44833,13 +45050,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + - https://security.gradle.com/advisory/2021-11 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SecurXChange Router + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gradle + product: Gradle Enterprise Build Cache Node cves: cve-2021-4104: investigated: false @@ -44847,9 +45064,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 10.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -44862,13 +45080,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + - https://security.gradle.com/advisory/2021-11 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SuperSonic Imagine Ultrasound Products (Aixplorer & Aixplorer Mach) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gradle + product: Gradle Enterprise Test Distribution Agent cves: cve-2021-4104: investigated: false @@ -44876,9 +45094,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 1.6.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -44891,13 +45110,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + - https://security.gradle.com/advisory/2021-11 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Trident HD Specimen Radiography System + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Grafana + product: All cves: cve-2021-4104: investigated: false @@ -44905,10 +45124,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -44920,13 +45140,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + - https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Unifi Workspace + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Grandstream + product: All cves: cve-2021-4104: investigated: false @@ -44949,15 +45169,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, the installed - APC PowerChute UPS with Business Edition v9.5 software installed may. APC is - still assessing its PowerChute software to determine if it is vulnerable. + - https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Windows Selenia Mammography System + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: Access Management cves: cve-2021-4104: investigated: false @@ -44965,10 +45183,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -44980,13 +45199,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Honeywell - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: Access Management cves: cve-2021-4104: investigated: false @@ -44994,10 +45213,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -45009,13 +45229,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HP - product: Teradici Cloud Access Controller + - vendor: Gravitee + product: Alert Engine cves: cve-2021-4104: investigated: false @@ -45025,9 +45245,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - < v113 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - 1.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -45039,13 +45259,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici EMSDK + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: Alert Engine cves: cve-2021-4104: investigated: false @@ -45055,9 +45275,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - < 1.0.6 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -45069,13 +45289,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici Management Console + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: API Management cves: cve-2021-4104: investigated: false @@ -45085,9 +45305,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - < 21.10.3 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -45099,13 +45319,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici PCoIP Connection Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: API Management cves: cve-2021-4104: investigated: false @@ -45115,10 +45335,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - < 21.03.6 - - < 20.07.4 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -45130,13 +45349,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici PCoIP License Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: Cockpit cves: cve-2021-4104: investigated: false @@ -45144,10 +45363,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -45159,13 +45379,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HPE - product: 3PAR StoreServ Arrays + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravwell + product: All cves: cve-2021-4104: investigated: false @@ -45173,10 +45393,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -45188,13 +45409,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products + notes: Gravwell products do not use Java. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: AirWave Management Platform + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Graylog + product: All cves: cve-2021-4104: investigated: false @@ -45202,9 +45423,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.3.15 + - 4.0.14 + - 4.1.9 + - 4.2.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -45217,13 +45442,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.graylog.org/post/graylog-update-for-log4j + notes: The vulnerable Log4j library is used to record GrayLogs own log information. + Vulnerability is not triggered when GrayLog stores exploitation vector from + an outer system. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Alletra 6000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Graylog + product: Graylog Server cves: cve-2021-4104: investigated: false @@ -45231,9 +45458,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All versions >= 1.2.0 and <= 4.2.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -45246,13 +45474,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.graylog.org/post/graylog-update-for-log4j + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Alletra 9k + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GreenShot + product: All cves: cve-2021-4104: investigated: false @@ -45260,10 +45488,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -45275,13 +45504,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' - references: + - https://greenshot.atlassian.net/browse/BUG-2871 + notes: '' + references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Central + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GSA + product: Cloud.gov cves: cve-2021-4104: investigated: false @@ -45304,13 +45533,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.gov/2021/12/14/log4j-buildpack-updates/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba ClearPass Policy Manager + last_updated: '2021-12-21T00:00:00' + - vendor: GuardedBox + product: All cves: cve-2021-4104: investigated: false @@ -45318,9 +45547,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.1.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -45333,13 +45563,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://twitter.com/GuardedBox/status/1469739834117799939 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba ClearPass Policy Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Guidewire + product: All cves: cve-2021-4104: investigated: false @@ -45362,13 +45592,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Instant (IAP) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HAProxy + product: '' cves: cve-2021-4104: investigated: false @@ -45391,13 +45621,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.haproxy.com/blog/december-2021-log4shell-mitigation/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Location Services + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HarmanPro AMX + product: '' cves: cve-2021-4104: investigated: false @@ -45420,13 +45650,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://help.harmanpro.com/apache-log4j-vulnerability + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba NetEdit + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Boundary cves: cve-2021-4104: investigated: false @@ -45449,13 +45679,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba PVOS Switches + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Consul cves: cve-2021-4104: investigated: false @@ -45478,13 +45708,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba SDN VAN Controller + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Consul Enterprise cves: cve-2021-4104: investigated: false @@ -45507,13 +45737,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba User Experience Insight (UXI) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Nomad cves: cve-2021-4104: investigated: false @@ -45536,13 +45766,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba VIA Client + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Nomad Enterprise cves: cve-2021-4104: investigated: false @@ -45565,13 +45795,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS SD-WAN Controllers and Gateways + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Packer cves: cve-2021-4104: investigated: false @@ -45594,13 +45824,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS Wi-Fi Controllers and Gateways + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Terraform cves: cve-2021-4104: investigated: false @@ -45623,13 +45853,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS-CX switches + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Terraform Enterprise cves: cve-2021-4104: investigated: false @@ -45652,13 +45882,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS-S switches + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Vagrant cves: cve-2021-4104: investigated: false @@ -45681,13 +45911,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: BladeSystem Onboard Administrator + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Vault cves: cve-2021-4104: investigated: false @@ -45710,13 +45940,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Vault Enterprise cves: cve-2021-4104: investigated: false @@ -45739,13 +45969,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Brocade 16Gb SAN Switch for HPE BladeSystem c-Class + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Waypoint cves: cve-2021-4104: investigated: false @@ -45768,13 +45998,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HCL Software + product: BigFix Compliance cves: cve-2021-4104: investigated: false @@ -45782,10 +46012,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -45797,13 +46028,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Brocade Network Advisor + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Insights cves: cve-2021-4104: investigated: false @@ -45811,10 +46042,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -45826,13 +46058,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: CloudAuth + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Insights for Vulnerability Remediation cves: cve-2021-4104: investigated: false @@ -45840,10 +46072,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -45855,13 +46088,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: CloudPhysics + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Inventory cves: cve-2021-4104: investigated: false @@ -45869,9 +46102,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 10.0.7 unaffected_versions: [] cve-2021-45046: investigated: false @@ -45884,13 +46118,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Compute Cloud Console + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Lifecycle cves: cve-2021-4104: investigated: false @@ -45898,10 +46132,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -45913,13 +46148,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Compute operations manager- FW UPDATE SERVICE + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Mobile cves: cve-2021-4104: investigated: false @@ -45927,10 +46162,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -45942,13 +46178,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: COS (Cray Operating System) + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Patch cves: cve-2021-4104: investigated: false @@ -45956,10 +46192,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -45971,13 +46208,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Cray Systems Management (CSM) + last_updated: '2021-12-15T00:00:00' + - vendor: HelpSystems Clearswift + product: '' cves: cve-2021-4104: investigated: false @@ -46000,13 +46237,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://community.helpsystems.com/kb-nav/kb-article/?id=37becc1c-255c-ec11-8f8f-6045bd006687 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Custom SPP Portal [Link](https://spp.hpe.com/custom) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HENIX + product: Squash TM cves: cve-2021-4104: investigated: false @@ -46014,9 +46251,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.21.7-1.22.9 + - 2.0.3-2.1.5 + - 2.2.0-3.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -46029,13 +46269,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://tm-en.doc.squashtest.com/v3/downloads.html#download-previous-versions + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Data Services Cloud Console + last_updated: '2021-12-23T00:00:00' + - vendor: Hexagon + product: '' cves: cve-2021-4104: investigated: false @@ -46058,13 +46298,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2?language=en_US + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Harmony Data Platform + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Hikvision + product: '' cves: cve-2021-4104: investigated: false @@ -46087,13 +46327,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://video.xortec.de/media/pdf/87/e8/03/kw50_Update-for-Apache-Log4j2-Issue-Hikvision_official.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HOP public services (grafana, vault, rancher, Jenkins) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Hitachi Energy + product: 3rd party - Elastic Search, Kibana cves: cve-2021-4104: investigated: false @@ -46101,9 +46341,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Elasticsearch 5.0.0+ unaffected_versions: [] cve-2021-45046: investigated: false @@ -46116,13 +46357,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: Set the JVM option -Dlog4j2.formatMsgNoLookups=true and restart each node + of the cluster. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN2600B SAN Extension Switch + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: 3rd party - Oracle Database Components cves: cve-2021-4104: investigated: false @@ -46130,9 +46372,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '12.1' + - '12.2' + - 19c unaffected_versions: [] cve-2021-45046: investigated: false @@ -46145,13 +46390,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: As this is a third-party component, a separate patch management report + will be provided to customers with the steps to apply the Oracle provided patches + for these components. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN4000B SAN Extension Switch + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Axis cves: cve-2021-4104: investigated: false @@ -46159,9 +46406,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '3.6' unaffected_versions: [] cve-2021-45046: investigated: false @@ -46174,13 +46422,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: No action is required by customers. Axis is a fully SaaS hosted solution + and the environment has been patched per the recommendations references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN6000B Fibre Channel Switch + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Counterparty Settlement and Billing (CSB) cves: cve-2021-4104: investigated: false @@ -46188,9 +46437,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - v6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -46203,13 +46453,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN6500B Fibre Channel Switch + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: e-Mesh Monitor cves: cve-2021-4104: investigated: false @@ -46232,13 +46482,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: No end-user action needed. The affected e-Mesh Monitor part is at the cloud + offering side of which the remediation is handled by Hitachi Energy team. Remediation + is currently ongoing, and during this time period, e-Mesh Monitor edge device + is not able to upload data to cloud. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN6600B Fibre Channel Switch + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: eSOMS cves: cve-2021-4104: investigated: false @@ -46261,13 +46514,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hitachienergy.com/offering/solutions/cybersecurity/alerts-and-notifications + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN6650B Fibre Channel Switch + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Hitachi Energy + product: FOXMAN-UN cves: cve-2021-4104: investigated: false @@ -46275,9 +46528,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - R15A + - R14B + - R14A + - R11B SP1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -46290,13 +46547,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: A patch is available for releases R15A, R14B, R14A and R11B SP1. . For + details on how to apply such patch, please refer to the technical bulletin “FOXMAN-UN + - Installation of Log4j Patch”, version A (1KHW029176) available in the Hitachi + Energy Customer Connect Portal. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN6700B Fibre Channel Switch + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: FOXMAN-UN cves: cve-2021-4104: investigated: false @@ -46304,9 +46564,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - R11A and R10 series unaffected_versions: [] cve-2021-45046: investigated: false @@ -46319,13 +46580,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: Apply General Mitigations and upgrade to latest version. For upgrades, + please get in touch with your Hitachi Energy contacts. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Customer Experience Assurance (CEA) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Lumada APM On-premises cves: cve-2021-4104: investigated: false @@ -46348,13 +46610,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: See vendor advisory for instructions for various versions. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Hardware Support Manager plug-in for VMware vSphere Lifecycle Manager + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Lumada APM SaaS offering cves: cve-2021-4104: investigated: false @@ -46377,13 +46639,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: No action is required by customers. The SaaS offering has been patched + per the recommendations. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Home Location Register (HLR/I-HLR) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Lumada EAM / FSM cves: cve-2021-4104: investigated: false @@ -46391,9 +46654,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - v1.7.x + - v1.8.x + - v1.9.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -46406,13 +46672,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: See Section Mitigation Strategy in vendor advisory. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Infosight for Servers + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: MMS Internal facing subcomponent. cves: cve-2021-4104: investigated: false @@ -46435,13 +46701,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Integrated Home Subscriber Server (I-HSS) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Network Manager ADMS Network Model Server cves: cve-2021-4104: investigated: false @@ -46449,9 +46715,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 9.1.0.32-9.1.0.44 unaffected_versions: [] cve-2021-45046: investigated: false @@ -46464,13 +46731,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: See vendor advisory for instructions on mitigation steps. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Intelligent Messaging (IM) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Network Manager Outage Management Interface (CMI) cves: cve-2021-4104: investigated: false @@ -46478,9 +46745,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 9.0-9.10.44 + - 9.1.1 + - 10.3.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -46493,13 +46763,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: See vendor advisory for instructions on mitigation steps. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Intelligent Network Server (INS) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: nMarket Global I-SEM cves: cve-2021-4104: investigated: false @@ -46507,9 +46777,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.7.15 + - 3.7.16 unaffected_versions: [] cve-2021-45046: investigated: false @@ -46522,13 +46794,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Multimedia Services Environment (MSE) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: RelCare cves: cve-2021-4104: investigated: false @@ -46536,9 +46808,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 2.0.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -46551,13 +46824,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: No action is required by customers. The RelCare SaaS hosted solution and + the on-premises have been patched per the recommendations. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OC Convergent Communications Platform (OCCP) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: UNEM cves: cve-2021-4104: investigated: false @@ -46565,9 +46839,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - R15A + - R14B + - R14A + - R11B SP1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -46580,13 +46858,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: A patch is available for releases R15A, R14B, R14A and R11B SP1. For details + on how to apply such patch, please refer to the technical bulletin “UNEM - Installation + of Log4j Patch”, version A (1KHW029176) available in the Hitachi Energy Customer + Connect Portal. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OC Media Platform Media Resource Function (OCMP-MRF) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: UNEM cves: cve-2021-4104: investigated: false @@ -46594,9 +46875,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - R11A and R10 series unaffected_versions: [] cve-2021-45046: investigated: false @@ -46609,13 +46891,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: Apply General Mitigations and upgrade to latest version. For upgrades, + please get in touch with your Hitachi Energy contacts. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OC Service Access Controller (OC SAC) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Vantara + product: '' cves: cve-2021-4104: investigated: false @@ -46638,13 +46921,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://knowledge.hitachivantara.com/Support_Information/Hitachi_Vantara_Security_Advisories/CVE-2021-44228_-_Apache_Log4j2 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OC Service Controller (OCSC) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HMS Industrial Networks AB + product: Cosy, Flexy and Ewon CD cves: cve-2021-4104: investigated: false @@ -46667,71 +46950,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' - references: - - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OC Universal Signaling Platform (OC-USP-M) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' - references: - - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OneView - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE OneView for VMware vRealize Operations (vROps) + last_updated: '2022-01-05T00:00:00' + - vendor: HMS Industrial Networks AB + product: eCatcher Mobile applications cves: cve-2021-4104: investigated: false @@ -46754,13 +46979,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE OneView Global Dashboard + last_updated: '2022-01-05T00:00:00' + - vendor: HMS Industrial Networks AB + product: eCatcher Windows software cves: cve-2021-4104: investigated: false @@ -46783,13 +47008,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Performance Cluster Manager (HPCM) + last_updated: '2022-01-05T00:00:00' + - vendor: HMS Industrial Networks AB + product: Netbiter Hardware including EC, WS, and LC cves: cve-2021-4104: investigated: false @@ -46812,13 +47037,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Performance Manager (PM) + last_updated: '2022-01-05T00:00:00' + - vendor: HMS Industrial Networks AB + product: Talk2M including M2Web cves: cve-2021-4104: investigated: false @@ -46841,13 +47066,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Position Determination Entity (PDE) + last_updated: '2022-01-05T00:00:00' + - vendor: HOLOGIC + product: Advanced Workflow Manager (AWM) cves: cve-2021-4104: investigated: false @@ -46870,13 +47095,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, the installed + APC PowerChute UPS with Business Edition v9.5 software installed may. APC is + still assessing its PowerChute software to determine if it is vulnerable. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Secure Identity Broker (SIB) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Affirm Prone Biopsy System cves: cve-2021-4104: investigated: false @@ -46899,13 +47126,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Service Activator (SA) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Brevera Breast Biopsy System cves: cve-2021-4104: investigated: false @@ -46928,13 +47155,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Service Governance Framework (SGF) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Cenova Image Analytics Server cves: cve-2021-4104: investigated: false @@ -46957,13 +47184,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Service Orchestration Manager (SOM) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Dimensions / 3Dimensions Mammography System cves: cve-2021-4104: investigated: false @@ -46986,13 +47213,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Service Provisioner (SP) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Discovery Bone Densitometer cves: cve-2021-4104: investigated: false @@ -47015,13 +47242,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Short Message Point-to-Point Gateway (SMPP) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Faxitron CT Specimen Radiography System cves: cve-2021-4104: investigated: false @@ -47044,13 +47271,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, there is + a utility program installed that may utilize Java and Log4J. This utility program + does not run on startup and is not required for system operation. Please contact + Hologic Service for assistance in removing this program. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Slingshot + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Faxitron Specimen Radiography Systems cves: cve-2021-4104: investigated: false @@ -47073,13 +47303,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Smart Interaction Server (SIS) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Fluoroscan Insight Mini C-Arm cves: cve-2021-4104: investigated: false @@ -47102,13 +47332,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE SN3000B Fibre Channel Switch + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Horizon DXA Bone Densitometer cves: cve-2021-4104: investigated: false @@ -47131,13 +47361,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8000B 4-Slot SAN Director Switch + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Rosetta DC Tomosynthesis Data Converter cves: cve-2021-4104: investigated: false @@ -47160,13 +47390,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8000B 8-Slot SAN Backbone Director Switch + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SecurView DX Workstation cves: cve-2021-4104: investigated: false @@ -47189,13 +47419,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8600B 4-Slot SAN Director Switch + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SecurXChange Router cves: cve-2021-4104: investigated: false @@ -47218,13 +47448,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8600B 8-Slot SAN Director Switch + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SuperSonic Imagine Ultrasound Products (Aixplorer & Aixplorer Mach) cves: cve-2021-4104: investigated: false @@ -47247,13 +47477,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8700B 4-Slot Director Switch + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Trident HD Specimen Radiography System cves: cve-2021-4104: investigated: false @@ -47276,13 +47506,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8700B 8-Slot Director Switch + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Unifi Workspace cves: cve-2021-4104: investigated: false @@ -47305,13 +47535,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, the installed + APC PowerChute UPS with Business Edition v9.5 software installed may. APC is + still assessing its PowerChute software to determine if it is vulnerable. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Subscriber, Network, and Application Policy (SNAP) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Windows Selenia Mammography System cves: cve-2021-4104: investigated: false @@ -47334,13 +47566,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Subscription Manager (SM) + last_updated: '2021-12-20T00:00:00' + - vendor: Honeywell + product: '' cves: cve-2021-4104: investigated: false @@ -47363,13 +47595,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Synergy Image Streamer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HP + product: Teradici Cloud Access Controller cves: cve-2021-4104: investigated: false @@ -47377,10 +47609,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < v113 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici EMSDK + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 1.0.6 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -47392,13 +47655,103 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici Management Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 21.10.3 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici PCoIP Connection Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 21.03.6 + - < 20.07.4 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici PCoIP License Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' - vendor: HPE - product: HPE Systems Insight Manager (SIM) + product: 3PAR StoreServ Arrays cves: cve-2021-4104: investigated: false @@ -47427,7 +47780,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Telecom Application Server (TAS) + product: AirWave Management Platform cves: cve-2021-4104: investigated: false @@ -47454,9 +47807,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Unified Correlation and Automation (UCA) + product: Alletra 6000 cves: cve-2021-4104: investigated: false @@ -47483,9 +47836,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Unified Mediation Bus (UMB) + product: Alletra 9k cves: cve-2021-4104: investigated: false @@ -47512,9 +47865,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Unified OSS Console (UOC) + product: Aruba Central cves: cve-2021-4104: investigated: false @@ -47541,9 +47894,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Unified Topology Manager (UTM) + product: Aruba ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -47570,9 +47923,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Universal Identity Repository (VIR) + product: Aruba ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -47599,9 +47952,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Universal SLA Manager (uSLAM) + product: Aruba Instant (IAP) cves: cve-2021-4104: investigated: false @@ -47628,9 +47981,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Connect + product: Aruba Location Services cves: cve-2021-4104: investigated: false @@ -47659,7 +48012,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Connect Enterprise Manager (VCEM) + product: Aruba NetEdit cves: cve-2021-4104: investigated: false @@ -47688,7 +48041,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Provisioning Gateway (vPGW) + product: Aruba PVOS Switches cves: cve-2021-4104: investigated: false @@ -47715,9 +48068,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Server Environment (VSE) + product: Aruba SDN VAN Controller cves: cve-2021-4104: investigated: false @@ -47746,7 +48099,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Subscriber Data Management (vSDM) + product: Aruba User Experience Insight (UXI) cves: cve-2021-4104: investigated: false @@ -47773,9 +48126,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE WebRTC Gateway Controller (WGW) + product: Aruba VIA Client cves: cve-2021-4104: investigated: false @@ -47802,9 +48155,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Wi-Fi Authentication Gateway (WauG) + product: ArubaOS SD-WAN Controllers and Gateways cves: cve-2021-4104: investigated: false @@ -47833,7 +48186,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Insight Cluster Management Utility (CMU) + product: ArubaOS Wi-Fi Controllers and Gateways cves: cve-2021-4104: investigated: false @@ -47862,7 +48215,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Integrated Lights-Out (iLO) Amplifier Pack + product: ArubaOS-CX switches cves: cve-2021-4104: investigated: false @@ -47891,7 +48244,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Integrated Lights-Out 4 (iLO 4) + product: ArubaOS-S switches cves: cve-2021-4104: investigated: false @@ -47899,11 +48252,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '4' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -47921,7 +48273,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Integrated Lights-Out 5 (iLO 5) + product: BladeSystem Onboard Administrator cves: cve-2021-4104: investigated: false @@ -47929,11 +48281,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '5' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -47951,7 +48302,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Integrity BL860c, BL870c, BL890c + product: Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy cves: cve-2021-4104: investigated: false @@ -47980,7 +48331,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Integrity Rx2800/Rx2900 + product: Brocade 16Gb SAN Switch for HPE BladeSystem c-Class cves: cve-2021-4104: investigated: false @@ -48009,7 +48360,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Integrity Superdome 2 + product: Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy cves: cve-2021-4104: investigated: false @@ -48038,7 +48389,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Integrity Superdome X + product: Brocade Network Advisor cves: cve-2021-4104: investigated: false @@ -48067,7 +48418,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Intelligent Provisioning + product: CloudAuth cves: cve-2021-4104: investigated: false @@ -48096,7 +48447,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: iSUT integrated smart update tool + product: CloudPhysics cves: cve-2021-4104: investigated: false @@ -48125,7 +48476,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Maven Artifacts (Atlas) + product: Compute Cloud Console cves: cve-2021-4104: investigated: false @@ -48154,7 +48505,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: MSA + product: Compute operations manager- FW UPDATE SERVICE cves: cve-2021-4104: investigated: false @@ -48183,7 +48534,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: NetEdit + product: COS (Cray Operating System) cves: cve-2021-4104: investigated: false @@ -48212,7 +48563,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Nimble Storage + product: Cray Systems Management (CSM) cves: cve-2021-4104: investigated: false @@ -48241,7 +48592,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: NS-T0634-OSM CONSOLE TOOLS + product: Custom SPP Portal [Link](https://spp.hpe.com/custom) cves: cve-2021-4104: investigated: false @@ -48270,7 +48621,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: NS-T0977-SCHEMA VALIDATOR + product: Data Services Cloud Console cves: cve-2021-4104: investigated: false @@ -48299,7 +48650,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: OfficeConnect + product: Harmony Data Platform cves: cve-2021-4104: investigated: false @@ -48328,7 +48679,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Primera Storage + product: HOP public services (grafana, vault, rancher, Jenkins) cves: cve-2021-4104: investigated: false @@ -48357,7 +48708,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: RepoServer part of OPA (on Premises aggregator) + product: HPE B-series SN2600B SAN Extension Switch cves: cve-2021-4104: investigated: false @@ -48386,7 +48737,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Resource Aggregator for Open Distributed Infrastructure Management + product: HPE B-series SN4000B SAN Extension Switch cves: cve-2021-4104: investigated: false @@ -48394,7 +48745,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -48415,7 +48766,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: RESTful Interface Tool (iLOREST) + product: HPE B-series SN6000B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -48444,7 +48795,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SAT (System Admin Toolkit) + product: HPE B-series SN6500B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -48473,7 +48824,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Scripting Tools for Windows PowerShell (HPEiLOCmdlets) + product: HPE B-series SN6600B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -48502,7 +48853,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SGI MC990 X Server + product: HPE B-series SN6650B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -48531,7 +48882,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SGI UV 2000 Server + product: HPE B-series SN6700B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -48560,7 +48911,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SGI UV 300, 300H, 300RL, 30EX + product: HPE Customer Experience Assurance (CEA) cves: cve-2021-4104: investigated: false @@ -48587,9 +48938,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: SGI UV 3000 Server + product: HPE Hardware Support Manager plug-in for VMware vSphere Lifecycle Manager cves: cve-2021-4104: investigated: false @@ -48618,7 +48969,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SN8700B 8-Slot Director Switch + product: HPE Home Location Register (HLR/I-HLR) cves: cve-2021-4104: investigated: false @@ -48645,9 +48996,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: StoreEasy + product: HPE Infosight for Servers cves: cve-2021-4104: investigated: false @@ -48676,7 +49027,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreEver CVTL + product: HPE Integrated Home Subscriber Server (I-HSS) cves: cve-2021-4104: investigated: false @@ -48703,9 +49054,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: StoreEver LTO Tape Drives + product: HPE Intelligent Messaging (IM) cves: cve-2021-4104: investigated: false @@ -48732,9 +49083,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: StoreEver MSL Tape Libraries + product: HPE Intelligent Network Server (INS) cves: cve-2021-4104: investigated: false @@ -48761,9 +49112,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: StoreOnce + product: HPE Multimedia Services Environment (MSE) cves: cve-2021-4104: investigated: false @@ -48790,9 +49141,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: SUM (Smart Update Manager) + product: HPE OC Convergent Communications Platform (OCCP) cves: cve-2021-4104: investigated: false @@ -48819,9 +49170,125 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Superdome Flex 280 + product: HPE OC Media Platform Media Resource Function (OCMP-MRF) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE OC Service Access Controller (OC SAC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE OC Service Controller (OCSC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE OC Universal Signaling Platform (OC-USP-M) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE OneView cves: cve-2021-4104: investigated: false @@ -48850,7 +49317,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Superdome Flex Server + product: HPE OneView for VMware vRealize Operations (vROps) cves: cve-2021-4104: investigated: false @@ -48879,7 +49346,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: UAN (User Access Node) + product: HPE OneView Global Dashboard cves: cve-2021-4104: investigated: false @@ -48907,8 +49374,8 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' - - vendor: HPE/Micro Focus - product: Data Protector + - vendor: HPE + product: HPE Performance Cluster Manager (HPCM) cves: cve-2021-4104: investigated: false @@ -48916,10 +49383,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '9.09' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -48932,13 +49398,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.microfocus.com/s/article/KM000003243 - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' - last_updated: '2021-12-17T00:00:00' - - vendor: Huawei - product: '' + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Performance Manager (PM) cves: cve-2021-4104: investigated: false @@ -48961,13 +49427,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Hubspot - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Position Determination Entity (PDE) cves: cve-2021-4104: investigated: false @@ -48990,13 +49456,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.hubspot.com/t5/APIs-Integrations/Log4J-day-zero-exploit-CVE-2021-44228/td-p/541949 - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: I-Net software - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Secure Identity Broker (SIB) cves: cve-2021-4104: investigated: false @@ -49019,13 +49485,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://faq.inetsoftware.de/t/statement-about-cve-2021-44228-log4j-vulnerability-concerning-i-net-software-products/269/3 - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: I2P - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Service Activator (SA) cves: cve-2021-4104: investigated: false @@ -49048,13 +49514,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://geti2p.net/en/blog/post/2021/12/11/i2p-unaffected-cve-2021-44228 - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: IBA-AG - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Service Governance Framework (SGF) cves: cve-2021-4104: investigated: false @@ -49077,13 +49543,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.iba-ag.com/en/security - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ibexa - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Service Orchestration Manager (SOM) cves: cve-2021-4104: investigated: false @@ -49106,13 +49572,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://developers.ibexa.co/security-advisories/cve-2021-44228-log4j-vulnerability - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: IBM - product: Analytics Engine + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Service Provisioner (SP) cves: cve-2021-4104: investigated: false @@ -49135,13 +49601,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: App Configuration + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Short Message Point-to-Point Gateway (SMPP) cves: cve-2021-4104: investigated: false @@ -49164,13 +49630,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: App Connect + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Slingshot cves: cve-2021-4104: investigated: false @@ -49193,13 +49659,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: App ID + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Smart Interaction Server (SIS) cves: cve-2021-4104: investigated: false @@ -49222,13 +49688,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Application Gateway + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE SN3000B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -49251,13 +49717,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Aspera + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8000B 4-Slot SAN Director Switch cves: cve-2021-4104: investigated: false @@ -49280,13 +49746,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Aspera Endpoint + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8000B 8-Slot SAN Backbone Director Switch cves: cve-2021-4104: investigated: false @@ -49309,13 +49775,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Aspera Enterprise + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8600B 4-Slot SAN Director Switch cves: cve-2021-4104: investigated: false @@ -49338,13 +49804,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Aspera fasp.io + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8600B 8-Slot SAN Director Switch cves: cve-2021-4104: investigated: false @@ -49367,13 +49833,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Bare Metal Servers + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8700B 4-Slot Director Switch cves: cve-2021-4104: investigated: false @@ -49396,72 +49862,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: BigFix Compliance - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: [] - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: IBM - product: BigFix Inventory - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - VM Manager Tool & SAP Tool - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: [] - notes: To verify if your instance is affected, go to the lib subdirectory of the - tool (BESClient/LMT/SAPTOOL and BESClient/LMT/VMMAN) and check what version - of log4j is included. Version is included in the name of the library. + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: IBM - product: Block Storage + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8700B 8-Slot Director Switch cves: cve-2021-4104: investigated: false @@ -49484,13 +49891,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Block Storage for VPC + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Subscriber, Network, and Application Policy (SNAP) cves: cve-2021-4104: investigated: false @@ -49513,13 +49920,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Block Storage Snapshots for VPC + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Subscription Manager (SM) cves: cve-2021-4104: investigated: false @@ -49542,13 +49949,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Case Manager + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Synergy Image Streamer cves: cve-2021-4104: investigated: false @@ -49571,13 +49978,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Certificate Manager + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Systems Insight Manager (SIM) cves: cve-2021-4104: investigated: false @@ -49600,13 +50007,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Client VPN for VPC + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Telecom Application Server (TAS) cves: cve-2021-4104: investigated: false @@ -49629,13 +50036,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Activity Tracker + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Unified Correlation and Automation (UCA) cves: cve-2021-4104: investigated: false @@ -49658,13 +50065,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Backup + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Unified Mediation Bus (UMB) cves: cve-2021-4104: investigated: false @@ -49687,13 +50094,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Monitoring + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Unified OSS Console (UOC) cves: cve-2021-4104: investigated: false @@ -49716,13 +50123,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Object Storage + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Unified Topology Manager (UTM) cves: cve-2021-4104: investigated: false @@ -49745,13 +50152,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Object Storage + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Universal Identity Repository (VIR) cves: cve-2021-4104: investigated: false @@ -49774,13 +50181,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloudant + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Universal SLA Manager (uSLAM) cves: cve-2021-4104: investigated: false @@ -49803,13 +50210,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Code Engine + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Virtual Connect cves: cve-2021-4104: investigated: false @@ -49832,72 +50239,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cognos Command Center - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cognos Controller - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 10.4.2 - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ibm.com/support/pages/node/6526468> - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cognos Integration Server + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Virtual Connect Enterprise Manager (VCEM) cves: cve-2021-4104: investigated: false @@ -49920,13 +50268,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose Enterprise + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Virtual Provisioning Gateway (vPGW) cves: cve-2021-4104: investigated: false @@ -49949,13 +50297,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for Elasticsearch + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Virtual Server Environment (VSE) cves: cve-2021-4104: investigated: false @@ -49978,13 +50326,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for etcd + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Virtual Subscriber Data Management (vSDM) cves: cve-2021-4104: investigated: false @@ -50007,13 +50355,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for MongoDB + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE WebRTC Gateway Controller (WGW) cves: cve-2021-4104: investigated: false @@ -50036,13 +50384,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for MySQL + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Wi-Fi Authentication Gateway (WauG) cves: cve-2021-4104: investigated: false @@ -50065,13 +50413,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for PostgreSQL + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Insight Cluster Management Utility (CMU) cves: cve-2021-4104: investigated: false @@ -50094,13 +50442,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for RabbitMQ + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrated Lights-Out (iLO) Amplifier Pack cves: cve-2021-4104: investigated: false @@ -50123,13 +50471,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for Redis + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrated Lights-Out 4 (iLO 4) cves: cve-2021-4104: investigated: false @@ -50137,10 +50485,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '4' cve-2021-45046: investigated: false affected_versions: [] @@ -50152,13 +50501,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for RethinkDB + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrated Lights-Out 5 (iLO 5) cves: cve-2021-4104: investigated: false @@ -50166,10 +50515,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '5' cve-2021-45046: investigated: false affected_versions: [] @@ -50181,13 +50531,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for ScyllaDB + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrity BL860c, BL870c, BL890c cves: cve-2021-4104: investigated: false @@ -50210,13 +50560,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Container Registry + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrity Rx2800/Rx2900 cves: cve-2021-4104: investigated: false @@ -50239,13 +50589,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Container Security Services + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrity Superdome 2 cves: cve-2021-4104: investigated: false @@ -50268,13 +50618,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Content Delivery Network + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrity Superdome X cves: cve-2021-4104: investigated: false @@ -50297,13 +50647,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Continuous Delivery + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Intelligent Provisioning cves: cve-2021-4104: investigated: false @@ -50326,13 +50676,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Copy Services Manager + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: iSUT integrated smart update tool cves: cve-2021-4104: investigated: false @@ -50355,13 +50705,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for DataStax + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Maven Artifacts (Atlas) cves: cve-2021-4104: investigated: false @@ -50384,13 +50734,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for EDB + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: MSA cves: cve-2021-4104: investigated: false @@ -50413,13 +50763,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for Elasticsearch + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: NetEdit cves: cve-2021-4104: investigated: false @@ -50442,13 +50792,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for etcd + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Nimble Storage cves: cve-2021-4104: investigated: false @@ -50471,13 +50821,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for MongoDB + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: NS-T0634-OSM CONSOLE TOOLS cves: cve-2021-4104: investigated: false @@ -50500,13 +50850,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for PostgreSQL + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: NS-T0977-SCHEMA VALIDATOR cves: cve-2021-4104: investigated: false @@ -50529,13 +50879,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for Redis + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: OfficeConnect cves: cve-2021-4104: investigated: false @@ -50558,13 +50908,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Datapower Gateway + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Primera Storage cves: cve-2021-4104: investigated: false @@ -50587,13 +50937,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Dedicated Host for VPC + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: RepoServer part of OPA (on Premises aggregator) cves: cve-2021-4104: investigated: false @@ -50616,13 +50966,42 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Connect + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Resource Aggregator for Open Distributed Infrastructure Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: RESTful Interface Tool (iLOREST) cves: cve-2021-4104: investigated: false @@ -50645,13 +51024,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Connect on Classic + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SAT (System Admin Toolkit) cves: cve-2021-4104: investigated: false @@ -50674,13 +51053,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Dedicated (2.0) + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Scripting Tools for Windows PowerShell (HPEiLOCmdlets) cves: cve-2021-4104: investigated: false @@ -50703,13 +51082,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Dedicated Hosting on Classic + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI MC990 X Server cves: cve-2021-4104: investigated: false @@ -50732,13 +51111,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Dedicated on Classic + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 2000 Server cves: cve-2021-4104: investigated: false @@ -50761,13 +51140,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Exchange on Classic + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 300, 300H, 300RL, 30EX cves: cve-2021-4104: investigated: false @@ -50790,13 +51169,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: DNS Services + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 3000 Server cves: cve-2021-4104: investigated: false @@ -50819,13 +51198,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Emptoris Contract Management + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SN8700B 8-Slot Director Switch cves: cve-2021-4104: investigated: false @@ -50848,13 +51227,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Emptoris Program Management + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEasy cves: cve-2021-4104: investigated: false @@ -50877,13 +51256,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Emptoris Sourcing + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver CVTL cves: cve-2021-4104: investigated: false @@ -50906,13 +51285,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Emptoris Spend Analysis + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver LTO Tape Drives cves: cve-2021-4104: investigated: false @@ -50935,13 +51314,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Emptoris Supplier Lifecycle Management + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver MSL Tape Libraries cves: cve-2021-4104: investigated: false @@ -50964,13 +51343,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Enterprise Tape Controller Model C07 (3592) (ETC) + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreOnce cves: cve-2021-4104: investigated: false @@ -50993,13 +51372,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Event Notifications + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SUM (Smart Update Manager) cves: cve-2021-4104: investigated: false @@ -51022,13 +51401,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Event Streams + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Superdome Flex 280 cves: cve-2021-4104: investigated: false @@ -51051,13 +51430,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: File Storage + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Superdome Flex Server cves: cve-2021-4104: investigated: false @@ -51080,13 +51459,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Flash System 900 (& 840) + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: UAN (User Access Node) cves: cve-2021-4104: investigated: false @@ -51109,13 +51488,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Flow Logs for VPC + last_updated: '2021-12-12T00:00:00' + - vendor: HPE/Micro Focus + product: Data Protector cves: cve-2021-4104: investigated: false @@ -51123,9 +51502,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '9.09' unaffected_versions: [] cve-2021-45046: investigated: false @@ -51138,13 +51518,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://portal.microfocus.com/s/article/KM000003243 notes: '' references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Functions + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + last_updated: '2021-12-17T00:00:00' + - vendor: Huawei + product: '' cves: cve-2021-4104: investigated: false @@ -51167,13 +51547,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: GSKit + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Hubspot + product: '' cves: cve-2021-4104: investigated: false @@ -51196,13 +51576,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://community.hubspot.com/t5/APIs-Integrations/Log4J-day-zero-exploit-CVE-2021-44228/td-p/541949 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Guardium S-TAP for Data Sets on z/OS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: I-Net software + product: '' cves: cve-2021-4104: investigated: false @@ -51225,13 +51605,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://faq.inetsoftware.de/t/statement-about-cve-2021-44228-log4j-vulnerability-concerning-i-net-software-products/269/3 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Guardium S-TAP for DB2 on z/OS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: I2P + product: '' cves: cve-2021-4104: investigated: false @@ -51254,13 +51634,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://geti2p.net/en/blog/post/2021/12/11/i2p-unaffected-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Guardium S-TAP for IMS on z/OS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IBA-AG + product: '' cves: cve-2021-4104: investigated: false @@ -51283,13 +51663,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.iba-ag.com/en/security notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Hyper Protect Crypto Services + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ibexa + product: '' cves: cve-2021-4104: investigated: false @@ -51312,13 +51692,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://developers.ibexa.co/security-advisories/cve-2021-44228-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM - product: Hyper Protect DBaaS for MongoDB + product: Analytics Engine cves: cve-2021-4104: investigated: false @@ -51347,7 +51727,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Hyper Protect DBaaS for PostgreSQL + product: App Configuration cves: cve-2021-4104: investigated: false @@ -51376,7 +51756,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Hyper Protect Virtual Server + product: App Connect cves: cve-2021-4104: investigated: false @@ -51405,7 +51785,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: i2 Analyst’s Notebook + product: App ID cves: cve-2021-4104: investigated: false @@ -51434,7 +51814,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: i2 Base + product: Application Gateway cves: cve-2021-4104: investigated: false @@ -51463,7 +51843,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: IBM Application Runtime Expert for i + product: Aspera cves: cve-2021-4104: investigated: false @@ -51492,7 +51872,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: IBM Backup, Recovery and Media Services for i + product: Aspera Endpoint cves: cve-2021-4104: investigated: false @@ -51521,7 +51901,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: IBM Db2 Mirror for i + product: Aspera Enterprise cves: cve-2021-4104: investigated: false @@ -51550,7 +51930,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: IBM HTTP Server + product: Aspera fasp.io cves: cve-2021-4104: investigated: false @@ -51579,7 +51959,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: IBM i Access Family + product: Bare Metal Servers cves: cve-2021-4104: investigated: false @@ -51608,7 +51988,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: IBM i Portfolio of products under the Group SWMA + product: BigFix Compliance cves: cve-2021-4104: investigated: false @@ -51630,14 +52010,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM - product: IBM PowerHA System Mirror for i + product: BigFix Inventory cves: cve-2021-4104: investigated: false @@ -51645,8 +52024,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - VM Manager Tool & SAP Tool fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -51659,14 +52039,15 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + vendor_links: [] + notes: To verify if your instance is affected, go to the lib subdirectory of the + tool (BESClient/LMT/SAPTOOL and BESClient/LMT/VMMAN) and check what version + of log4j is included. Version is included in the name of the library. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM - product: IBM Sterling Connect:Direct Browser User Interface + product: Block Storage cves: cve-2021-4104: investigated: false @@ -51695,7 +52076,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: IBM Sterling Connect:Direct File Agent + product: Block Storage for VPC cves: cve-2021-4104: investigated: false @@ -51703,9 +52084,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - See Vendor Links + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -51719,15 +52099,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-sterling-connectdirect-for-unix-cve-2021-44228/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - - '[https://www.ibm.com/support/pages/node/6526688](https://www.ibm.com/support/pages/node/6526688), - [https://www.ibm.com/support/pages/node/6528324](https://www.ibm.com/support/pages/node/6528324), - [https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/)' - last_updated: '2021-12-20T00:00:00' + - '' + last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: IBM Sterling Connect:Direct for HP NonStop + product: Block Storage Snapshots for VPC cves: cve-2021-4104: investigated: false @@ -51756,7 +52134,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: IBM Sterling Connect:Direct for i5/OS + product: Case Manager cves: cve-2021-4104: investigated: false @@ -51785,7 +52163,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: IBM Sterling Connect:Direct for OpenVMS + product: Certificate Manager cves: cve-2021-4104: investigated: false @@ -51814,7 +52192,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: IBM Sterling Connect:Express for Microsoft Windows + product: Client VPN for VPC cves: cve-2021-4104: investigated: false @@ -51843,7 +52221,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: IBM Sterling Connect:Express for UNIX + product: Cloud Activity Tracker cves: cve-2021-4104: investigated: false @@ -51872,7 +52250,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: IBM Sterling Connect:Express for z/OS + product: Cloud Backup cves: cve-2021-4104: investigated: false @@ -51901,7 +52279,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Instana Agent + product: Cloud Monitoring cves: cve-2021-4104: investigated: false @@ -51909,9 +52287,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Timestamp lower than 12-11-2021 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -51925,13 +52302,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.instana.io/incidents/4zgcd2gzf4jw + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Internet Services + product: Cloud Object Storage cves: cve-2021-4104: investigated: false @@ -51960,7 +52337,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Key Lifecycle Manager for z/OS + product: Cloud Object Storage cves: cve-2021-4104: investigated: false @@ -51989,7 +52366,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Key Protect + product: Cloudant cves: cve-2021-4104: investigated: false @@ -52018,7 +52395,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Knowledge Studio + product: Code Engine cves: cve-2021-4104: investigated: false @@ -52047,7 +52424,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Kubernetes Service + product: Cognos Command Center cves: cve-2021-4104: investigated: false @@ -52076,7 +52453,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Load Balancer for VPC + product: Cognos Controller cves: cve-2021-4104: investigated: false @@ -52084,8 +52461,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 10.4.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -52099,13 +52477,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.ibm.com/support/pages/node/6526468> notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Log Analysis + product: Cognos Integration Server cves: cve-2021-4104: investigated: false @@ -52134,7 +52512,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Managed VMware Service + product: Compose Enterprise cves: cve-2021-4104: investigated: false @@ -52163,7 +52541,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Management Extender for VMware vCenter + product: Compose for Elasticsearch cves: cve-2021-4104: investigated: false @@ -52185,13 +52563,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Mass Data Migration + product: Compose for etcd cves: cve-2021-4104: investigated: false @@ -52220,7 +52599,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Maximo EAM SaaS + product: Compose for MongoDB cves: cve-2021-4104: investigated: false @@ -52249,7 +52628,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Message Hub + product: Compose for MySQL cves: cve-2021-4104: investigated: false @@ -52278,7 +52657,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: MQ Appliance + product: Compose for PostgreSQL cves: cve-2021-4104: investigated: false @@ -52307,7 +52686,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: MQ on IBM Cloud + product: Compose for RabbitMQ cves: cve-2021-4104: investigated: false @@ -52336,7 +52715,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Natural Language Understanding + product: Compose for Redis cves: cve-2021-4104: investigated: false @@ -52365,7 +52744,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: OmniFind Text Search Server for DB2 for i + product: Compose for RethinkDB cves: cve-2021-4104: investigated: false @@ -52394,7 +52773,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: OPENBMC + product: Compose for ScyllaDB cves: cve-2021-4104: investigated: false @@ -52423,7 +52802,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Planning Analytics Workspace + product: Container Registry cves: cve-2021-4104: investigated: false @@ -52431,9 +52810,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '>2.0.57' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -52447,13 +52825,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/support/pages/node/6525700 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Power HMC + product: Container Security Services cves: cve-2021-4104: investigated: false @@ -52461,9 +52839,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - V9.2.950.0 & V10.1.1010.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -52477,13 +52854,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/support/pages/node/6526172?myns=pwrsmc&mynp=OCSGGSNP&mync=E&cm_sp=pwrsmc-_-OCSGGSNP-_-E + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: PowerSC + product: Content Delivery Network cves: cve-2021-4104: investigated: false @@ -52512,7 +52889,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: PowerVM Hypervisor + product: Continuous Delivery cves: cve-2021-4104: investigated: false @@ -52541,7 +52918,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: PowerVM VIOS + product: Copy Services Manager cves: cve-2021-4104: investigated: false @@ -52570,7 +52947,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: QRadar Advisor + product: Databases for DataStax cves: cve-2021-4104: investigated: false @@ -52599,7 +52976,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Qradar Network Threat Analytics + product: Databases for EDB cves: cve-2021-4104: investigated: false @@ -52628,7 +53005,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: QRadar SIEM + product: Databases for Elasticsearch cves: cve-2021-4104: investigated: false @@ -52657,7 +53034,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Quantum Services + product: Databases for etcd cves: cve-2021-4104: investigated: false @@ -52686,7 +53063,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Rational Developer for AIX and Linux + product: Databases for MongoDB cves: cve-2021-4104: investigated: false @@ -52715,7 +53092,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Rational Developer for i + product: Databases for PostgreSQL cves: cve-2021-4104: investigated: false @@ -52744,7 +53121,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Red Hat OpenShift on IBM Cloud + product: Databases for Redis cves: cve-2021-4104: investigated: false @@ -52773,7 +53150,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Resilient + product: Datapower Gateway cves: cve-2021-4104: investigated: false @@ -52795,13 +53172,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Robotic Process Automation + product: Dedicated Host for VPC cves: cve-2021-4104: investigated: false @@ -52830,7 +53208,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: SAN Volume Controller and Storwize Family + product: Direct Link Connect cves: cve-2021-4104: investigated: false @@ -52859,7 +53237,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Satellite Infrastructure Service + product: Direct Link Connect on Classic cves: cve-2021-4104: investigated: false @@ -52888,7 +53266,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Schematics + product: Direct Link Dedicated (2.0) cves: cve-2021-4104: investigated: false @@ -52917,7 +53295,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Secrets Manager + product: Direct Link Dedicated Hosting on Classic cves: cve-2021-4104: investigated: false @@ -52946,7 +53324,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Secure Gateway + product: Direct Link Dedicated on Classic cves: cve-2021-4104: investigated: false @@ -52975,7 +53353,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Server Automation + product: Direct Link Exchange on Classic cves: cve-2021-4104: investigated: false @@ -52997,13 +53375,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Archive Library Edition + product: DNS Services cves: cve-2021-4104: investigated: false @@ -53032,7 +53411,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Discover + product: Emptoris Contract Management cves: cve-2021-4104: investigated: false @@ -53061,7 +53440,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Client Management Service + product: Emptoris Program Management cves: cve-2021-4104: investigated: false @@ -53090,7 +53469,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: 'Spectrum Protect for Databases: Data Protection for Oracle' + product: Emptoris Sourcing cves: cve-2021-4104: investigated: false @@ -53119,7 +53498,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: 'Spectrum Protect for Databases: Data Protection for SQL' + product: Emptoris Spend Analysis cves: cve-2021-4104: investigated: false @@ -53148,7 +53527,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect for Enterprise Resource Planning + product: Emptoris Supplier Lifecycle Management cves: cve-2021-4104: investigated: false @@ -53177,7 +53556,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: 'Spectrum Protect for Mail: Data Protection for Domino' + product: Enterprise Tape Controller Model C07 (3592) (ETC) cves: cve-2021-4104: investigated: false @@ -53206,7 +53585,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: 'Spectrum Protect for Mail: Data Protection for Exchange' + product: Event Notifications cves: cve-2021-4104: investigated: false @@ -53235,7 +53614,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect for Workstations + product: Event Streams cves: cve-2021-4104: investigated: false @@ -53264,7 +53643,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect for z/OS USS Client and API + product: File Storage cves: cve-2021-4104: investigated: false @@ -53293,7 +53672,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Plus Db2 Agent + product: Flash System 900 (& 840) cves: cve-2021-4104: investigated: false @@ -53322,7 +53701,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Plus Exchange Agent + product: Flow Logs for VPC cves: cve-2021-4104: investigated: false @@ -53351,7 +53730,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Plus File Systems Agent + product: Functions cves: cve-2021-4104: investigated: false @@ -53380,7 +53759,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Plus MongoDB Agent + product: GSKit cves: cve-2021-4104: investigated: false @@ -53409,7 +53788,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Plus O365 Agent + product: Guardium S-TAP for Data Sets on z/OS cves: cve-2021-4104: investigated: false @@ -53438,7 +53817,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Server + product: Guardium S-TAP for DB2 on z/OS cves: cve-2021-4104: investigated: false @@ -53467,7 +53846,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Snapshot for UNIX + product: Guardium S-TAP for IMS on z/OS cves: cve-2021-4104: investigated: false @@ -53496,7 +53875,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Snapshot for UNIX + product: Hyper Protect Crypto Services cves: cve-2021-4104: investigated: false @@ -53525,7 +53904,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: SQL Query + product: Hyper Protect DBaaS for MongoDB cves: cve-2021-4104: investigated: false @@ -53554,7 +53933,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Gentran + product: Hyper Protect DBaaS for PostgreSQL cves: cve-2021-4104: investigated: false @@ -53583,7 +53962,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Order Management + product: Hyper Protect Virtual Server cves: cve-2021-4104: investigated: false @@ -53612,7 +53991,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for ACORD + product: i2 Analyst’s Notebook cves: cve-2021-4104: investigated: false @@ -53641,7 +54020,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for Financial Services + product: i2 Base cves: cve-2021-4104: investigated: false @@ -53670,7 +54049,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for FIX + product: IBM Application Runtime Expert for i cves: cve-2021-4104: investigated: false @@ -53699,7 +54078,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for NACHA + product: IBM Backup, Recovery and Media Services for i cves: cve-2021-4104: investigated: false @@ -53728,7 +54107,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for PeopleSoft + product: IBM Db2 Mirror for i cves: cve-2021-4104: investigated: false @@ -53757,7 +54136,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for SAP R/3 + product: IBM HTTP Server cves: cve-2021-4104: investigated: false @@ -53786,7 +54165,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for SEPA + product: IBM i Access Family cves: cve-2021-4104: investigated: false @@ -53815,7 +54194,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for Siebel + product: IBM i Portfolio of products under the Group SWMA cves: cve-2021-4104: investigated: false @@ -53844,7 +54223,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for SWIFT + product: IBM PowerHA System Mirror for i cves: cve-2021-4104: investigated: false @@ -53873,7 +54252,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Packs for EDI + product: IBM Sterling Connect:Direct Browser User Interface cves: cve-2021-4104: investigated: false @@ -53902,7 +54281,39 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Packs for Healthcare + product: IBM Sterling Connect:Direct File Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - See Vendor Links + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-sterling-connectdirect-for-unix-cve-2021-44228/ + notes: '' + references: + - '[https://www.ibm.com/support/pages/node/6526688](https://www.ibm.com/support/pages/node/6526688), + [https://www.ibm.com/support/pages/node/6528324](https://www.ibm.com/support/pages/node/6528324), + [https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/)' + last_updated: '2021-12-20T00:00:00' + - vendor: IBM + product: IBM Sterling Connect:Direct for HP NonStop cves: cve-2021-4104: investigated: false @@ -53931,7 +54342,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Trading Manager + product: IBM Sterling Connect:Direct for i5/OS cves: cve-2021-4104: investigated: false @@ -53960,7 +54371,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Storage TS1160 + product: IBM Sterling Connect:Direct for OpenVMS cves: cve-2021-4104: investigated: false @@ -53989,7 +54400,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Storage TS2280 + product: IBM Sterling Connect:Express for Microsoft Windows cves: cve-2021-4104: investigated: false @@ -54018,7 +54429,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Storage TS2900 Library + product: IBM Sterling Connect:Express for UNIX cves: cve-2021-4104: investigated: false @@ -54047,7 +54458,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Storage TS3100-TS3200 Library + product: IBM Sterling Connect:Express for z/OS cves: cve-2021-4104: investigated: false @@ -54076,7 +54487,37 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Storage TS4500 Library + product: Instana Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Timestamp lower than 12-11-2021 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://status.instana.io/incidents/4zgcd2gzf4jw + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: IBM + product: Internet Services cves: cve-2021-4104: investigated: false @@ -54105,7 +54546,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Storage Virtualization Engine TS7700 + product: Key Lifecycle Manager for z/OS cves: cve-2021-4104: investigated: false @@ -54134,7 +54575,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Tape System Library Manager + product: Key Protect cves: cve-2021-4104: investigated: false @@ -54163,7 +54604,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: TDMF for zOS + product: Knowledge Studio cves: cve-2021-4104: investigated: false @@ -54192,7 +54633,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Total Storage Service Console (TSSC) / TS4500 IMC + product: Kubernetes Service cves: cve-2021-4104: investigated: false @@ -54221,7 +54662,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Transit Gateway + product: Load Balancer for VPC cves: cve-2021-4104: investigated: false @@ -54250,7 +54691,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Tririga Anywhere + product: Log Analysis cves: cve-2021-4104: investigated: false @@ -54279,7 +54720,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: TS4300 + product: Managed VMware Service cves: cve-2021-4104: investigated: false @@ -54308,7 +54749,35 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Urbancode Deploy + product: Management Extender for VMware vCenter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IBM + product: Mass Data Migration cves: cve-2021-4104: investigated: false @@ -54337,7 +54806,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Virtual Private Cloud + product: Maximo EAM SaaS cves: cve-2021-4104: investigated: false @@ -54366,7 +54835,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Virtual Server for Classic + product: Message Hub cves: cve-2021-4104: investigated: false @@ -54395,7 +54864,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Virtualization Management Interface + product: MQ Appliance cves: cve-2021-4104: investigated: false @@ -54424,7 +54893,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: VMware Solutions + product: MQ on IBM Cloud cves: cve-2021-4104: investigated: false @@ -54453,7 +54922,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: VMware vCenter Server + product: Natural Language Understanding cves: cve-2021-4104: investigated: false @@ -54482,7 +54951,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: VMware vSphere + product: OmniFind Text Search Server for DB2 for i cves: cve-2021-4104: investigated: false @@ -54511,7 +54980,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: VPN for VPC + product: OPENBMC cves: cve-2021-4104: investigated: false @@ -54540,7 +55009,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: vRealize Operations and Log Insight + product: Planning Analytics Workspace cves: cve-2021-4104: investigated: false @@ -54548,10 +55017,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - '>2.0.57' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/support/pages/node/6525700 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Power HMC + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - V9.2.950.0 & V10.1.1010.0 + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54563,13 +55063,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.ibm.com/support/pages/node/6526172?myns=pwrsmc&mynp=OCSGGSNP&mync=E&cm_sp=pwrsmc-_-OCSGGSNP-_-E notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Workload Automation + product: PowerSC cves: cve-2021-4104: investigated: false @@ -54597,8 +55097,8 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: ICONICS - product: All + - vendor: IBM + product: PowerVM Hypervisor cves: cve-2021-4104: investigated: false @@ -54621,13 +55121,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://iconics.com/News/Press-Releases/2021/ICONICS-Not-Subject-to-Apache-Log4j-Vulnerability + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: IFS - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: PowerVM VIOS cves: cve-2021-4104: investigated: false @@ -54650,13 +55150,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.ifs.com/announcements-278/urgent-bulletin-ifs-advisory-ifs-products-services-and-log4j-cve-2021-44228-16436 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: IGEL - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: QRadar Advisor cves: cve-2021-4104: investigated: false @@ -54679,13 +55179,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.igel.com/securitysafety/en/isn-2021-11-ums-log4j-vulnerability-54086712.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ignite Realtime - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Qradar Network Threat Analytics cves: cve-2021-4104: investigated: false @@ -54708,13 +55208,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discourse.igniterealtime.org/t/openfire-4-6-5-released/91108 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: iGrafx - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: QRadar SIEM cves: cve-2021-4104: investigated: false @@ -54737,13 +55237,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.igrafx.com/igrafx-thwarts-log4j-vulnerability/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Illuminated Cloud - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Quantum Services cves: cve-2021-4104: investigated: false @@ -54766,13 +55266,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://illuminatedcloud.blogspot.com/2021/12/illuminated-cloud-2-and-log4j-security.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Illumio - product: C-VEN + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Rational Developer for AIX and Linux cves: cve-2021-4104: investigated: false @@ -54795,13 +55295,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: CLI + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Rational Developer for i cves: cve-2021-4104: investigated: false @@ -54824,13 +55324,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: CloudSecure + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Red Hat OpenShift on IBM Cloud cves: cve-2021-4104: investigated: false @@ -54853,13 +55353,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Core on-premise PCE + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Resilient cves: cve-2021-4104: investigated: false @@ -54881,14 +55381,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Core SaaS PCE + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IBM + product: Robotic Process Automation cves: cve-2021-4104: investigated: false @@ -54911,13 +55410,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Edge SaaS PCE + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: SAN Volume Controller and Storwize Family cves: cve-2021-4104: investigated: false @@ -54940,13 +55439,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Edge-CrowdStrike + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Satellite Infrastructure Service cves: cve-2021-4104: investigated: false @@ -54969,13 +55468,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Flowlink + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Schematics cves: cve-2021-4104: investigated: false @@ -54998,13 +55497,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Kubelink + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Secrets Manager cves: cve-2021-4104: investigated: false @@ -55027,13 +55526,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: NEN + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Secure Gateway cves: cve-2021-4104: investigated: false @@ -55056,13 +55555,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: QRadar App + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Server Automation cves: cve-2021-4104: investigated: false @@ -55084,14 +55583,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Splunk App + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IBM + product: Spectrum Archive Library Edition cves: cve-2021-4104: investigated: false @@ -55114,13 +55612,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: VEN + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Discover cves: cve-2021-4104: investigated: false @@ -55143,13 +55641,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: IManage - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Client Management Service cves: cve-2021-4104: investigated: false @@ -55172,13 +55670,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.imanage.com/hc/en-us/articles/4412696236699-ADVISORY-Security-vulnerability-CVE-2021-44228-in-third-party-component-Apache-Log4j2#h_3164fa6c-4717-4aa1-b2dc-d14d4112595e + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Imperva - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: 'Spectrum Protect for Databases: Data Protection for Oracle' cves: cve-2021-4104: investigated: false @@ -55201,44 +55699,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Inductive Automation - product: Ignition - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day - notes: Older versions of Ignition (7.8 and older) did use the Log4j library, but - they used an older version (1.2) that was not affected by this vulnerability. - references: - - '' - last_updated: '2022-01-19T00:00:00' - - vendor: IndustrialDefender - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: 'Spectrum Protect for Databases: Data Protection for SQL' cves: cve-2021-4104: investigated: false @@ -55261,13 +55728,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.industrialdefender.com/cve-2021-44228-log4j/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: infinidat - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect for Enterprise Resource Planning cves: cve-2021-4104: investigated: false @@ -55290,13 +55757,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.infinidat.com/hc/en-us/articles/4413483145489-INFINIDAT-Support-Announcement-2021-010-Log4Shell-CVE-2021-44228 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: InfluxData - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: 'Spectrum Protect for Mail: Data Protection for Domino' cves: cve-2021-4104: investigated: false @@ -55319,13 +55786,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.influxdata.com/blog/apache-log4j-vulnerability-cve-2021-44228/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Infoblox - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: 'Spectrum Protect for Mail: Data Protection for Exchange' cves: cve-2021-4104: investigated: false @@ -55348,13 +55815,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.infoblox.com/articles/Knowledge/Infoblox-NIOS-and-BloxOne-products-not-vulnerable-to-CVE-2021-44228 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Informatica - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect for Workstations cves: cve-2021-4104: investigated: false @@ -55377,13 +55844,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://network.informatica.com/community/informatica-network/blog/2021/12/10/log4j-vulnerability-update + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Instana - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect for z/OS USS Client and API cves: cve-2021-4104: investigated: false @@ -55406,13 +55873,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.instana.io/incidents/4zgcd2gzf4jw + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Instructure - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Plus Db2 Agent cves: cve-2021-4104: investigated: false @@ -55435,13 +55902,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.canvaslms.com/t5/Community-Users/Instructure-amp-the-Apache-Log4j2-Vulnerability/ba-p/501907 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Intel - product: Audio Development Kit + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Plus Exchange Agent cves: cve-2021-4104: investigated: false @@ -55464,13 +55931,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: Computer Vision Annotation Tool maintained by Intel + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Plus File Systems Agent cves: cve-2021-4104: investigated: false @@ -55493,13 +55960,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: Datacenter Manager + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Plus MongoDB Agent cves: cve-2021-4104: investigated: false @@ -55522,13 +55989,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: Genomics Kernel Library + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Plus O365 Agent cves: cve-2021-4104: investigated: false @@ -55551,13 +56018,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: oneAPI sample browser plugin for Eclipse + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Server cves: cve-2021-4104: investigated: false @@ -55580,13 +56047,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: Secure Device Onboard + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Snapshot for UNIX cves: cve-2021-4104: investigated: false @@ -55609,13 +56076,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: Sensor Solution Firmware Development Kit + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Snapshot for UNIX cves: cve-2021-4104: investigated: false @@ -55638,13 +56105,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: System Debugger + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: SQL Query cves: cve-2021-4104: investigated: false @@ -55667,13 +56134,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: System Studio + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Gentran cves: cve-2021-4104: investigated: false @@ -55696,13 +56163,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Internet Systems Consortium(ISC) - product: BIND 9 + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Order Management cves: cve-2021-4104: investigated: false @@ -55710,11 +56177,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55726,13 +56192,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.isc.org/blogs/2021-log4j/ - notes: no JAVA Code + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Internet Systems Consortium(ISC) - product: ISC DHCP, aka dhcpd + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for ACORD cves: cve-2021-4104: investigated: false @@ -55740,11 +56206,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55756,13 +56221,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.isc.org/blogs/2021-log4j/ - notes: no JAVA Code + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Internet Systems Consortium(ISC) - product: Kea DHCP + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for Financial Services cves: cve-2021-4104: investigated: false @@ -55770,11 +56235,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55786,13 +56250,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.isc.org/blogs/2021-log4j/ - notes: no JAVA Code + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: InterSystems - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for FIX cves: cve-2021-4104: investigated: false @@ -55815,13 +56279,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intersystems.com/gt/apache-log4j2/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Intland - product: codebeamer + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for NACHA cves: cve-2021-4104: investigated: false @@ -55829,10 +56293,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <= 20.11-SP11 - - <= 21.09-SP3 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -55846,14 +56308,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://codebeamer.com/cb/wiki/19872365 - notes: A fix has been released for [20.11](https://codebeamer.com/cb/wiki/13134438) - and [21.09](https://codebeamer.com/cb/wiki/19418497), but not yet for [21.04](https://codebeamer.com/cb/wiki/16937839) + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: IPRO - product: Netgovern + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for PeopleSoft cves: cve-2021-4104: investigated: false @@ -55875,13 +56336,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: iRedMail - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for SAP R/3 cves: cve-2021-4104: investigated: false @@ -55904,13 +56366,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.iredmail.org/topic18605-log4j-cve202144228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ironnet - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for SEPA cves: cve-2021-4104: investigated: false @@ -55933,13 +56395,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ironnet.com/blog/ironnet-security-notifications-related-to-log4j-vulnerability + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ISLONLINE - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for Siebel cves: cve-2021-4104: investigated: false @@ -55962,587 +56424,5840 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.islonline.com/2021/12/13/isl-online-is-not-affected-by-log4shell-vulnerability/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ivanti - product: Application Control for Linux + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for SWIFT cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Application Control for Windows + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Packs for EDI cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Automation + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Packs for Healthcare cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Avalanche + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Trading Manager cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 6.2.2 - - 6.3.0 to 6.3.3 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Avalanche Remote Control + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage TS1160 cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: CETerm (Naurtech) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage TS2280 cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Cherwell Asset Management (CAM) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage TS2900 Library cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Cherwell Service Management (CSM) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage TS3100-TS3200 Library cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Connect Pro + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage TS4500 Library cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: ConnectPro (Termproxy) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage Virtualization Engine TS7700 cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Credential mgr (PivD Manager) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Tape System Library Manager cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Discovery Classic + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: TDMF for zOS cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: DSM + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Total Storage Service Console (TSSC) / TS4500 IMC cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Environment Manager + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Transit Gateway cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: GoldMine + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Tririga Anywhere cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: HEAT Classic + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: TS4300 cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: IIRIS (Neurons for IIOT) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Urbancode Deploy cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Incapptic Connect + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Virtual Private Cloud cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Insight + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Virtual Server for Classic cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Virtualization Management Interface + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: VMware Solutions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: VMware vCenter Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: VMware vSphere + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: VPN for VPC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: vRealize Operations and Log Insight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Workload Automation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: ICONICS + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://iconics.com/News/Press-Releases/2021/ICONICS-Not-Subject-to-Apache-Log4j-Vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: IFS + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.ifs.com/announcements-278/urgent-bulletin-ifs-advisory-ifs-products-services-and-log4j-cve-2021-44228-16436 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IGEL + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.igel.com/securitysafety/en/isn-2021-11-ums-log4j-vulnerability-54086712.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ignite Realtime + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discourse.igniterealtime.org/t/openfire-4-6-5-released/91108 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: iGrafx + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.igrafx.com/igrafx-thwarts-log4j-vulnerability/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Illuminated Cloud + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://illuminatedcloud.blogspot.com/2021/12/illuminated-cloud-2-and-log4j-security.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Illumio + product: C-VEN + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: CLI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: CloudSecure + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Core on-premise PCE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Core SaaS PCE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Edge SaaS PCE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Edge-CrowdStrike + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Flowlink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Kubelink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: NEN + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: QRadar App + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Splunk App + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: VEN + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: IManage + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.imanage.com/hc/en-us/articles/4412696236699-ADVISORY-Security-vulnerability-CVE-2021-44228-in-third-party-component-Apache-Log4j2#h_3164fa6c-4717-4aa1-b2dc-d14d4112595e + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Imperva + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Inductive Automation + product: Ignition + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day + notes: Older versions of Ignition (7.8 and older) did use the Log4j library, but + they used an older version (1.2) that was not affected by this vulnerability. + references: + - '' + last_updated: '2022-01-19T00:00:00' + - vendor: IndustrialDefender + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.industrialdefender.com/cve-2021-44228-log4j/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: infinidat + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.infinidat.com/hc/en-us/articles/4413483145489-INFINIDAT-Support-Announcement-2021-010-Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: InfluxData + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.influxdata.com/blog/apache-log4j-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Infoblox + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.infoblox.com/articles/Knowledge/Infoblox-NIOS-and-BloxOne-products-not-vulnerable-to-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Informatica + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://network.informatica.com/community/informatica-network/blog/2021/12/10/log4j-vulnerability-update + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Instana + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://status.instana.io/incidents/4zgcd2gzf4jw + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Instructure + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.canvaslms.com/t5/Community-Users/Instructure-amp-the-Apache-Log4j2-Vulnerability/ba-p/501907 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Intel + product: Audio Development Kit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: Computer Vision Annotation Tool maintained by Intel + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: Datacenter Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: Genomics Kernel Library + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: oneAPI sample browser plugin for Eclipse + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: Secure Device Onboard + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: Sensor Solution Firmware Development Kit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: System Debugger + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: System Studio + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Internet Systems Consortium(ISC) + product: BIND 9 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.isc.org/blogs/2021-log4j/ + notes: no JAVA Code + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Internet Systems Consortium(ISC) + product: ISC DHCP, aka dhcpd + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.isc.org/blogs/2021-log4j/ + notes: no JAVA Code + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Internet Systems Consortium(ISC) + product: Kea DHCP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.isc.org/blogs/2021-log4j/ + notes: no JAVA Code + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: InterSystems + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.intersystems.com/gt/apache-log4j2/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Intland + product: codebeamer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - <= 20.11-SP11 + - <= 21.09-SP3 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://codebeamer.com/cb/wiki/19872365 + notes: A fix has been released for [20.11](https://codebeamer.com/cb/wiki/13134438) + and [21.09](https://codebeamer.com/cb/wiki/19418497), but not yet for [21.04](https://codebeamer.com/cb/wiki/16937839) + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IPRO + product: Netgovern + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: iRedMail + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.iredmail.org/topic18605-log4j-cve202144228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ironnet + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ironnet.com/blog/ironnet-security-notifications-related-to-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ISLONLINE + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.islonline.com/2021/12/13/isl-online-is-not-affected-by-log4shell-vulnerability/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ivanti + product: Application Control for Linux + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Application Control for Windows + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Automation + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Avalanche + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 6.2.2 + - 6.3.0 to 6.3.3 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Avalanche Remote Control + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: CETerm (Naurtech) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Cherwell Asset Management (CAM) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Cherwell Service Management (CSM) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Connect Pro + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: ConnectPro (Termproxy) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Credential mgr (PivD Manager) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Discovery Classic + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: DSM + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Environment Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: GoldMine + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: HEAT Classic + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: IIRIS (Neurons for IIOT) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Incapptic Connect + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Insight + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: ITSM 6/7 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Asset Lifecycle Management + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Device Application Control + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Endpoint Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Endpoint Security + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Environment Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti EPM - Cloud Service Appliance + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti File Director + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2019.1.* + - 2020.1.* + - 2020.3.* + - 2021.1.* + - 4.4.* + fixed_versions: + - 2021.3 HF2 + - 2021.1 HF1 + - 2020.3 HF2 + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Identity Director + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti License Optimizer (ILO) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Management Center + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Neurons Platform + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Performance Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Security Controls (Patch ISec) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See More INFO for Ivanti Security Controls (Patch ISec) in the Advisory + Page + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Service Desk + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: Not Affected. Java is no longer required since version 2018.3U3 Customers + on older versions can uninstall JRE on their ISD Servers for mitigation. This + will disable indexing of Attachments and Documents for full-text search. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Service Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Service Manager for Neurons (Cloud) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Voice + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Workspace Control + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Appconnect + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Email+ + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Go Client + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI MobileAtWork + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Security Productivity Apps + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Mi Tunnel App + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Access ZSO + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: Mitigated. No Impact + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron BYOD Portal + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Cloud + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Cloud Connector + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Core + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Core. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Core Connector + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Core Connector. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Sentry (Core/Cloud) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '9.13' + - '9.14' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Sentry. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Patch MEM (Microsoft Endpoint Manager) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Patch OEM APIs + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Performance Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Connect Secure + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Desktop Client + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Mobile Client + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse One + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Policy Secure + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Services Director + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Virtual Traffic Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Web Application Firewall + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse ZTA + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Risksense Threat and Vulnerability Management + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: SpeakEasy (add-on to Velocity) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: SpeakEasy (WinCE) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Terminal Emulation and Industrial Browser + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Velocity + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: VelocityCE + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Virtual Desktop Extender + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Wavelink License Server + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Xtraction + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Jamasoftware + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.jamasoftware.com/communities/community-home/digestviewer/viewthread?MessageKey=06d26f9c-2abe-4c10-93d4-c0f6c8a01b22&CommunityKey=c9d20d4c-5bb6-4f19-92eb-e7cee0942d51&tab=digestviewer#bm06d26f9c-2abe-4c10-93d4-c0f6c8a01b22 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Data Policy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Health Care Listener + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Infrastructure Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Now + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Private Access + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Pro (On-Prem) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 10.34.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Protect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf School + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Threat Defense + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Janitza + product: GridVis + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 8.0.82 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.janitza.com/us/gridvis-download.html + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Jaspersoft + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Java Melody + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.90.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/javamelody/javamelody/wiki/ReleaseNotes + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jedox + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.jedox.com/en/trust/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jenkins + product: CI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jenkins + product: CI/CD Core + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jenkins + product: Plugins + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ + notes: '' + references: + - '[Instructions to test your installations in announcement](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/)' + last_updated: '2021-12-16T00:00:00' + - vendor: JetBrains + product: All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, + dotCover, dotPeek) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jetbrains + product: Code With Me + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Datalore + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Floating License Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '30241' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Hub + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2021.1.14080 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, + IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, + Rider, RubyMine, WebStorm) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Kotlin + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Ktor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: MPS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Space + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: TeamCity + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://youtrack.jetbrains.com/issue/TW-74298 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: ToolBox + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: UpSource + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2020.1.1952 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: YouTrack InCloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: YouTrack Standalone + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2021.4.35970 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JFrog + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JGraph + product: DrawIO + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/jgraph/drawio/issues/2490 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jitsi + product: jitsi-videobridge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v2.1-595-g3637fda42 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jitterbit + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://success.jitterbit.com/display/DOC/Mitigating+the+Apache+Log4j2+JNDI+Vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Johnson Controls + product: Athena + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: BCPro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: CEM AC2000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: CEM Hardware Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: CK721-A (P2000) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: CloudVue Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: CloudVue Web + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Connect24 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Connected Equipment Gateway (CEG) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: C•CURE Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: C•CURE Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: C•CURE Web + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: ITSM 6/7 + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: C•CURE-9000 cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -56551,28 +62266,31 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 2.90.x + - 2.80.x + - 2.70.x + - 2.60.x cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Asset Lifecycle Management + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: DataSource cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -56583,26 +62301,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Device Application Control + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: DLS cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -56611,28 +62329,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - All versions cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Endpoint Manager + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Entrapass cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -56643,26 +62361,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Endpoint Security + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: exacqVision Client cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -56673,26 +62391,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Environment Manager + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: exacqVision Server cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -56703,26 +62421,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti EPM - Cloud Service Appliance + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: exacqVision WebService cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -56733,63 +62451,86 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti File Director + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Facility Explorer cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2019.1.* - - 2020.1.* - - 2020.3.* - - 2021.1.* - - 4.4.* - fixed_versions: - - 2021.3 HF2 - - 2021.1 HF1 - - 2020.3 HF2 + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 14.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Illustra Cameras + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Identity Director + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Illustra Insight cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -56800,26 +62541,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti License Optimizer (ILO) + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: iSTAR cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -56830,26 +62571,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Management Center + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Kantech Entrapass cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -56860,26 +62601,56 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Neurons Platform + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Metasys Products and Tools cves: cve-2021-4104: - investigated: '' + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All versions + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Active Responder + cves: + cve-2021-4104: + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -56890,26 +62661,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Performance Manager + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Bridge cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -56920,26 +62691,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Security Controls (Patch ISec) + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Chiller Utility Plant Optimizer cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -56950,27 +62721,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See More INFO for Ivanti Security Controls (Patch ISec) in the Advisory - Page + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Service Desk + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Cloud cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -56981,28 +62751,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: Not Affected. Java is no longer required since version 2018.3U3 Customers - on older versions can uninstall JRE on their ISD Servers for mitigation. This - will disable indexing of Attachments and Documents for full-text search. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Service Manager + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Connected Chiller cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57013,26 +62781,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Service Manager for Neurons (Cloud) + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Enterprise Manager cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57043,26 +62811,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Voice + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Location Manager cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57073,26 +62841,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Workspace Control + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Risk Insight cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57103,26 +62871,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MI Appconnect + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Twin cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57133,26 +62901,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MI Email+ + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Workplace cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57163,26 +62931,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MI Go Client + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: P2000 cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57193,26 +62961,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MI MobileAtWork + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: PowerSeries NEO cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57223,26 +62991,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MI Security Productivity Apps + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: PowerSeries Pro cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57253,26 +63021,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Mi Tunnel App + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Qolsys IQ Panels cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57283,56 +63051,86 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MobileIron Access ZSO + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: RFID Overhead360 Backend cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: S321-IP (P2000) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: Mitigated. No Impact + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MobileIron BYOD Portal + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Analytics (STaN) - Traffic cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57343,26 +63141,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MobileIron Cloud + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Market Intelligence cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57373,26 +63171,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MobileIron Cloud Connector + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Perimeter Apps cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57403,117 +63201,116 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MobileIron Core + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Shopper Journey cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Core. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MobileIron Core Connector + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Video Analytics cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Core Connector. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MobileIron Sentry (Core/Cloud) + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Sur‐Gard Receivers cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '9.13' - - '9.14' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Sentry. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Patch MEM (Microsoft Endpoint Manager) + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: TrueVue Cloud cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57524,26 +63321,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Patch OEM APIs + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Tyco AI cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57552,28 +63349,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - All versions cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Performance Manager + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: victor cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57582,28 +63379,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 5.x cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse Connect Secure + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: victor/ C•CURE‐9000 Unified cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57612,28 +63409,29 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 and 3.91.x / victor 5.6.1 / C•CURE‐9000 + 2.90 cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse Desktop Client + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: VideoEdge cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57642,28 +63440,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 5.x cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse Mobile Client + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Xaap cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57674,56 +63472,55 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse One + last_updated: '2021-12-21T00:00:00' + - vendor: Journyx + product: All cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228- notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse Policy Secure + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: jPOS + product: (ISO-8583) bridge cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57732,58 +63529,57 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse Services Director + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jump Desktop + product: All cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse Virtual Traffic Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Advanced Threat Prevention (JATP) cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57792,28 +63588,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse Web Application Firewall + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: AppFormix cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57822,28 +63618,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse ZTA + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Apstra System cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57852,28 +63648,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Risksense Threat and Vulnerability Management + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Apstra System cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57882,28 +63678,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: SpeakEasy (add-on to Velocity) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Connectivity Services Director cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57912,28 +63708,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: SpeakEasy (WinCE) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Analytics cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57942,28 +63738,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Terminal Emulation and Industrial Browser + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Cloud cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -57972,28 +63768,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Velocity + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Networking cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -58002,28 +63798,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: VelocityCE + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Service Orchestration cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -58032,28 +63828,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Virtual Desktop Extender + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Cross Provisioning Platform cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -58061,29 +63857,28 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Wavelink License Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: CTPOS and CTPView cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -58092,28 +63887,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Xtraction + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: ICEAAA Manager cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -58122,25 +63917,25 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Jamasoftware - product: All + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: JATP Cloud cves: cve-2021-4104: investigated: false @@ -58148,10 +63943,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58163,13 +63959,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.jamasoftware.com/communities/community-home/digestviewer/viewthread?MessageKey=06d26f9c-2abe-4c10-93d4-c0f6c8a01b22&CommunityKey=c9d20d4c-5bb6-4f19-92eb-e7cee0942d51&tab=digestviewer#bm06d26f9c-2abe-4c10-93d4-c0f6c8a01b22 + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jamf - product: Jamf Cloud + - vendor: Juniper Networks + product: Juniper Identity Management Services (JIMS) cves: cve-2021-4104: investigated: false @@ -58179,8 +63975,7 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -58193,13 +63988,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jamf - product: Jamf Connect + - vendor: Juniper Networks + product: Juniper Mist Edge cves: cve-2021-4104: investigated: false @@ -58223,13 +64018,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jamf - product: Jamf Data Policy + - vendor: Juniper Networks + product: Juniper Sky Enterprise cves: cve-2021-4104: investigated: false @@ -58253,13 +64048,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jamf - product: Jamf Health Care Listener + - vendor: Juniper Networks + product: Junos OS cves: cve-2021-4104: investigated: false @@ -58283,13 +64078,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jamf - product: Jamf Infrastructure Manager + - vendor: Juniper Networks + product: Junos OS Evolved cves: cve-2021-4104: investigated: false @@ -58313,13 +64108,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jamf - product: Jamf Now + - vendor: Juniper Networks + product: Junos Space Network Management Platform cves: cve-2021-4104: investigated: false @@ -58328,10 +64123,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - '' + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -58343,13 +64138,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jamf - product: Jamf Private Access + - vendor: Juniper Networks + product: MIST - Juniper Networks Marvis Virtual Network Assistant (VNA) cves: cve-2021-4104: investigated: false @@ -58373,13 +64168,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jamf - product: Jamf Pro (On-Prem) + - vendor: Juniper Networks + product: MIST - Juniper Networks Mist AI cves: cve-2021-4104: investigated: false @@ -58389,9 +64184,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 10.34.1 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58403,13 +64198,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jamf - product: Jamf Protect + - vendor: Juniper Networks + product: MIST - Juniper Networks Wi-Fi Assurance cves: cve-2021-4104: investigated: false @@ -58433,13 +64228,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jamf - product: Jamf School + - vendor: Juniper Networks + product: MIST - Juniper Networks Wired Assurance cves: cve-2021-4104: investigated: false @@ -58463,13 +64258,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jamf - product: Jamf Threat Defense + - vendor: Juniper Networks + product: Mist Access Points cves: cve-2021-4104: investigated: false @@ -58481,7 +64276,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - Any version on AP12, AP21, AP32, AP33, AP34, AP41, AP43, AP45, AP61, AP63 cve-2021-45046: investigated: false affected_versions: [] @@ -58493,13 +64288,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Janitza - product: GridVis + - vendor: Juniper Networks + product: Network Director cves: cve-2021-4104: investigated: false @@ -58511,7 +64306,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.82 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58523,13 +64318,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.janitza.com/us/gridvis-download.html + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Jaspersoft - product: All + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Northstar Controller cves: cve-2021-4104: investigated: false @@ -58537,8 +64332,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -58552,13 +64348,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Java Melody - product: All + - vendor: Juniper Networks + product: Northstar Planner cves: cve-2021-4104: investigated: false @@ -58568,8 +64364,7 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 1.90.0 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -58582,13 +64377,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/javamelody/javamelody/wiki/ReleaseNotes + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jedox - product: All + - vendor: Juniper Networks + product: Paragon Insights cves: cve-2021-4104: investigated: false @@ -58596,8 +64391,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '>= 21 version 21.1 ; >= 22 version 22.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -58611,13 +64407,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.jedox.com/en/trust/ + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jenkins - product: CI + - vendor: Juniper Networks + product: Paragon Pathfinder cves: cve-2021-4104: investigated: false @@ -58626,10 +64422,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '>= 21 version 21.1 ; >= 22 version 22.2' fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -58641,13 +64437,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jenkins - product: CI/CD Core + - vendor: Juniper Networks + product: Paragon Planner cves: cve-2021-4104: investigated: false @@ -58656,10 +64452,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '>= 21 version 21.1 ; >= 22 version 22.2' fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -58671,13 +64467,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jenkins - product: Plugins + - vendor: Juniper Networks + product: Policy Enforcer cves: cve-2021-4104: investigated: false @@ -58685,10 +64481,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58700,14 +64497,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - - '[Instructions to test your installations in announcement](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/)' - last_updated: '2021-12-16T00:00:00' - - vendor: JetBrains - product: All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, - dotCover, dotPeek) + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Products using Wind River Linux in Junos OS and Junos OS Evolved cves: cve-2021-4104: investigated: false @@ -58731,13 +64527,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jetbrains - product: Code With Me + - vendor: Juniper Networks + product: ScreenOS cves: cve-2021-4104: investigated: false @@ -58747,9 +64543,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - '' - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -58761,13 +64557,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Datalore + - vendor: Juniper Networks + product: SecIntel cves: cve-2021-4104: investigated: false @@ -58791,13 +64587,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Floating License Server + - vendor: Juniper Networks + product: Secure Analytics cves: cve-2021-4104: investigated: false @@ -58807,8 +64603,7 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '30241' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -58821,13 +64616,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Gateway + - vendor: Juniper Networks + product: Security Director cves: cve-2021-4104: investigated: false @@ -58851,13 +64646,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Hub + - vendor: Juniper Networks + product: Security Director Insights cves: cve-2021-4104: investigated: false @@ -58867,9 +64662,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 2021.1.14080 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58881,15 +64676,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/ + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, - IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, - Rider, RubyMine, WebStorm) + - vendor: Juniper Networks + product: Session Smart Router (Formerly 128T) cves: cve-2021-4104: investigated: false @@ -58913,13 +64706,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Kotlin + - vendor: Juniper Networks + product: Space SDK cves: cve-2021-4104: investigated: false @@ -58943,13 +64736,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Ktor + - vendor: Juniper Networks + product: Standalone Log Collector 20.1 (as also used by Space Security Director) cves: cve-2021-4104: investigated: false @@ -58973,13 +64766,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: MPS + - vendor: Juniper Networks + product: User Engagement Virtual BLE cves: cve-2021-4104: investigated: false @@ -59003,13 +64796,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Space + - vendor: Justice Systems + product: All cves: cve-2021-4104: investigated: false @@ -59017,11 +64810,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59033,13 +64825,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.justicesystems.com/services/support/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: TeamCity + - vendor: K15t + product: All cves: cve-2021-4104: investigated: false @@ -59047,11 +64839,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59063,13 +64854,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://youtrack.jetbrains.com/issue/TW-74298 + - https://help.k15t.com/k15t-apps-and-log4shell-193401141.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: ToolBox + - vendor: K6 + product: All cves: cve-2021-4104: investigated: false @@ -59077,11 +64868,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59093,13 +64883,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: UpSource + - vendor: Kaltura + product: Blackboard Learn SaaS in the classic Learn experience cves: cve-2021-4104: investigated: false @@ -59110,7 +64900,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 2020.1.1952 + - v3900.28.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -59123,13 +64913,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: YouTrack InCloud + last_updated: '2021-12-23T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn Self- and Managed-Hosting cves: cve-2021-4104: investigated: false @@ -59140,7 +64930,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '' + - v3900.26.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -59153,13 +64943,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: YouTrack Standalone + last_updated: '2021-12-23T07:18:50+00:00' + - vendor: Karakun + product: All cves: cve-2021-4104: investigated: false @@ -59167,10 +64957,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 2021.4.35970 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -59183,13 +64972,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/ + - https://board.karakun.com/viewtopic.php?f=21&t=8351 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JFrog - product: All + - vendor: Kaseya + product: AuthAnvil cves: cve-2021-4104: investigated: false @@ -59213,13 +65002,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/ + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JGraph - product: DrawIO + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: BMS cves: cve-2021-4104: investigated: false @@ -59231,7 +65020,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -59243,13 +65032,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/jgraph/drawio/issues/2490 + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jitsi - product: jitsi-videobridge + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: ID Agent DarkWeb ID and BullPhish ID cves: cve-2021-4104: investigated: false @@ -59259,38 +65048,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - v2.1-595-g3637fda42 - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jitterbit - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -59302,13 +65062,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://success.jitterbit.com/display/DOC/Mitigating+the+Apache+Log4j2+JNDI+Vulnerability + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Johnson Controls - product: Athena + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: IT Glue cves: cve-2021-4104: investigated: false @@ -59320,7 +65080,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -59332,13 +65092,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: BCPro + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: MyGlue cves: cve-2021-4104: investigated: false @@ -59350,7 +65110,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -59362,13 +65122,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CEM AC2000 + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Network Glue cves: cve-2021-4104: investigated: false @@ -59380,7 +65140,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -59392,13 +65152,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CEM Hardware Products + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Passly cves: cve-2021-4104: investigated: false @@ -59410,7 +65170,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -59422,13 +65182,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CK721-A (P2000) + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: RocketCyber cves: cve-2021-4104: investigated: false @@ -59440,7 +65200,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -59452,13 +65212,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CloudVue Gateway + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spannign Salesforce Backup cves: cve-2021-4104: investigated: false @@ -59470,7 +65230,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -59482,13 +65242,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CloudVue Web + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spanning O365 Backup cves: cve-2021-4104: investigated: false @@ -59500,7 +65260,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -59512,13 +65272,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Connect24 + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Unitrends cves: cve-2021-4104: investigated: false @@ -59530,7 +65290,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -59542,13 +65302,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Connected Equipment Gateway (CEG) + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Vorex cves: cve-2021-4104: investigated: false @@ -59560,7 +65320,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -59572,13 +65332,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE Client + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: VSA SaaS and VSA On-Premises cves: cve-2021-4104: investigated: false @@ -59590,7 +65350,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -59602,13 +65362,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE Server + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: KeePass + product: All cves: cve-2021-4104: investigated: false @@ -59632,13 +65392,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE Web + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keeper + product: All cves: cve-2021-4104: investigated: false @@ -59648,9 +65408,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59662,13 +65422,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE-9000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kemp + product: All cves: cve-2021-4104: investigated: false @@ -59676,14 +65436,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 2.90.x - - 2.80.x - - 2.70.x - - 2.60.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59695,13 +65451,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit notes: '' references: - - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: DataSource + - '[Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-)' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keycloak + product: All cves: cve-2021-4104: investigated: false @@ -59725,13 +65481,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://github.com/keycloak/keycloak/discussions/9078 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: DLS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Capture cves: cve-2021-4104: investigated: false @@ -59743,7 +65499,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -59755,13 +65511,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Entrapass + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Communication Manager cves: cve-2021-4104: investigated: false @@ -59771,9 +65527,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - 5.3 - 5.5 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59785,13 +65541,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: exacqVision Client + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Robot File System (RFS) cves: cve-2021-4104: investigated: false @@ -59801,9 +65557,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '>=10.7' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59815,13 +65571,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: exacqVision Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Robotic Process Automation (RPA) cves: cve-2021-4104: investigated: false @@ -59831,9 +65587,10 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '11.1' + - '11.2' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59845,13 +65602,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: exacqVision WebService + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Konica Minolta + product: All cves: cve-2021-4104: investigated: false @@ -59859,11 +65616,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59875,13 +65631,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.konicaminolta.de/de-de/support/log4j notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Facility Explorer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kronos UKG + product: All cves: cve-2021-4104: investigated: false @@ -59889,11 +65645,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 14.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59905,13 +65660,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Illustra Cameras + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kyberna + product: All cves: cve-2021-4104: investigated: false @@ -59919,11 +65674,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59935,13 +65689,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.kyberna.com/detail/log4j-sicherheitsluecke notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Illustra Insight + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: L-Soft + product: '' cves: cve-2021-4104: investigated: false @@ -59949,11 +65703,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59965,13 +65718,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - http://www.lsoft.com/news/log4jinfo.asp notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: iSTAR + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: L3Harris Geospatial + product: '' cves: cve-2021-4104: investigated: false @@ -59979,11 +65732,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59995,13 +65747,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.l3harrisgeospatial.com/Support/Self-Help-Tools/Help-Articles/Help-Articles-Detail/ArtMID/10220/ArticleID/24141/Impact-of-Log4j-Java-Security-Vulnerability-CVE-2021-44228-on-L3Harris-Geospatial-software notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Kantech Entrapass + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Lancom Systems + product: '' cves: cve-2021-4104: investigated: false @@ -60009,11 +65761,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60025,13 +65776,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.lancom-systems.com/service-support/instant-help/general-security-information/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Metasys Products and Tools + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Lansweeper + product: '' cves: cve-2021-4104: investigated: false @@ -60039,11 +65790,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60055,13 +65805,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.lansweeper.com/vulnerability/critical-log4j-vulnerability-affects-millions-of-applications/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: OpenBlue Active Responder + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Laserfiche + product: '' cves: cve-2021-4104: investigated: false @@ -60069,11 +65819,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60085,13 +65834,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://answers.laserfiche.com/questions/194037/Do-any-Laserfiche-products-use-the-Apache-log4j-library#194038 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: OpenBlue Bridge + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LastPass + product: '' cves: cve-2021-4104: investigated: false @@ -60099,11 +65848,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60115,13 +65863,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://support.logmeininc.com/lastpass/help/log4j-vulnerability-faq-for-lastpass-universal-proxy notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: OpenBlue Chiller Utility Plant Optimizer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LaunchDarkly + product: '' cves: cve-2021-4104: investigated: false @@ -60129,11 +65877,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60145,13 +65892,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://launchdarkly.com/blog/audit-shows-systems-unaffected-by-log4j/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: OpenBlue Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Leanix + product: '' cves: cve-2021-4104: investigated: false @@ -60159,11 +65906,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60175,13 +65921,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leanix.net/en/blog/log4j-vulnerability-log4shell notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: OpenBlue Connected Chiller + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio AT2 cves: cve-2021-4104: investigated: false @@ -60189,11 +65935,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60205,13 +65950,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: OpenBlue Enterprise Manager + - vendor: Leica BIOSYSTEMS + product: Aperio AT2 DX cves: cve-2021-4104: investigated: false @@ -60219,11 +65964,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60235,13 +65979,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: OpenBlue Location Manager + - vendor: Leica BIOSYSTEMS + product: Aperio CS2 cves: cve-2021-4104: investigated: false @@ -60249,11 +65993,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60265,13 +66008,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: OpenBlue Risk Insight + - vendor: Leica BIOSYSTEMS + product: Aperio eSlide Manager cves: cve-2021-4104: investigated: false @@ -60279,11 +66022,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60295,13 +66037,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: OpenBlue Twin + - vendor: Leica BIOSYSTEMS + product: Aperio GT 450 cves: cve-2021-4104: investigated: false @@ -60309,11 +66051,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60325,13 +66066,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: OpenBlue Workplace + - vendor: Leica BIOSYSTEMS + product: Aperio GT 450 DX cves: cve-2021-4104: investigated: false @@ -60339,11 +66080,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60355,13 +66095,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: P2000 + - vendor: Leica BIOSYSTEMS + product: Aperio ImageScope cves: cve-2021-4104: investigated: false @@ -60369,11 +66109,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60385,13 +66124,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: PowerSeries NEO + - vendor: Leica BIOSYSTEMS + product: Aperio ImageScope DX cves: cve-2021-4104: investigated: false @@ -60399,11 +66138,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60415,13 +66153,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: PowerSeries Pro + - vendor: Leica BIOSYSTEMS + product: Aperio LV1 cves: cve-2021-4104: investigated: false @@ -60429,11 +66167,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60445,13 +66182,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Qolsys IQ Panels + - vendor: Leica BIOSYSTEMS + product: Aperio SAM DX Server For GT 450 DX cves: cve-2021-4104: investigated: false @@ -60459,11 +66196,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60475,13 +66211,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: RFID Overhead360 Backend + - vendor: Leica BIOSYSTEMS + product: Aperio Scanner Administration Manager (SAM) Server for GT 450 cves: cve-2021-4104: investigated: false @@ -60489,10 +66225,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -60505,13 +66240,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: S321-IP (P2000) + - vendor: Leica BIOSYSTEMS + product: Aperio VERSA cves: cve-2021-4104: investigated: false @@ -60519,11 +66254,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60535,13 +66269,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Shoppertrak Analytics (STaN) - Traffic + - vendor: Leica BIOSYSTEMS + product: Aperio WebViewer DX cves: cve-2021-4104: investigated: false @@ -60549,11 +66283,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60565,13 +66298,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Shoppertrak Market Intelligence + - vendor: Leica BIOSYSTEMS + product: BOND Controller cves: cve-2021-4104: investigated: false @@ -60579,11 +66312,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60595,13 +66327,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Shoppertrak Perimeter Apps + - vendor: Leica BIOSYSTEMS + product: BOND RX cves: cve-2021-4104: investigated: false @@ -60609,11 +66341,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60625,13 +66356,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Shoppertrak Shopper Journey + - vendor: Leica BIOSYSTEMS + product: BOND RXm cves: cve-2021-4104: investigated: false @@ -60639,11 +66370,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60655,13 +66385,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Shoppertrak Video Analytics + - vendor: Leica BIOSYSTEMS + product: BOND-ADVANCE cves: cve-2021-4104: investigated: false @@ -60669,11 +66399,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60685,13 +66414,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Sur‐Gard Receivers + - vendor: Leica BIOSYSTEMS + product: BOND-III cves: cve-2021-4104: investigated: false @@ -60699,11 +66428,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60715,13 +66443,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: TrueVue Cloud + - vendor: Leica BIOSYSTEMS + product: BOND-MAX cves: cve-2021-4104: investigated: false @@ -60729,11 +66457,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60745,13 +66472,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Tyco AI + - vendor: Leica BIOSYSTEMS + product: CEREBRO cves: cve-2021-4104: investigated: false @@ -60759,11 +66486,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60775,13 +66501,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: victor + - vendor: Leica BIOSYSTEMS + product: CytoVision cves: cve-2021-4104: investigated: false @@ -60789,11 +66515,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 5.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60805,13 +66530,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: victor/ C•CURE‐9000 Unified + - vendor: Leica BIOSYSTEMS + product: HistoCore PEARL cves: cve-2021-4104: investigated: false @@ -60819,12 +66544,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 and 3.91.x / victor 5.6.1 / C•CURE‐9000 - 2.90 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60836,13 +66559,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: VideoEdge + - vendor: Leica BIOSYSTEMS + product: HistoCore PEGASUS cves: cve-2021-4104: investigated: false @@ -60850,11 +66573,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 5.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60866,13 +66588,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Xaap + - vendor: Leica BIOSYSTEMS + product: HistoCore SPECTRA CV cves: cve-2021-4104: investigated: false @@ -60880,11 +66602,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60896,13 +66617,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Journyx - product: All + - vendor: Leica BIOSYSTEMS + product: HistoCore SPECTRA ST cves: cve-2021-4104: investigated: false @@ -60925,13 +66646,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228- + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: jPOS - product: (ISO-8583) bridge + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: HistoCore SPIRIT ST cves: cve-2021-4104: investigated: false @@ -60939,11 +66660,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -60955,13 +66675,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jump Desktop - product: All + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: HistoCore SPRING ST cves: cve-2021-4104: investigated: false @@ -60984,13 +66704,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Advanced Threat Prevention (JATP) + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica ASP300S cves: cve-2021-4104: investigated: false @@ -60998,11 +66718,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61014,13 +66733,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: AppFormix + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica CV5030 cves: cve-2021-4104: investigated: false @@ -61028,11 +66747,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61044,13 +66762,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Apstra System + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica ST4020 cves: cve-2021-4104: investigated: false @@ -61058,11 +66776,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61074,13 +66791,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Apstra System + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica ST5010 cves: cve-2021-4104: investigated: false @@ -61088,11 +66805,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61104,13 +66820,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Connectivity Services Director + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica ST5020 cves: cve-2021-4104: investigated: false @@ -61118,11 +66834,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61134,13 +66849,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Contrail Analytics + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica TP1020 cves: cve-2021-4104: investigated: false @@ -61148,11 +66863,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61164,13 +66878,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Contrail Cloud + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: LIS Connect cves: cve-2021-4104: investigated: false @@ -61178,11 +66892,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61194,13 +66907,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Contrail Networking + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: PathDX cves: cve-2021-4104: investigated: false @@ -61208,11 +66921,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61224,13 +66936,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Contrail Service Orchestration + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: ThermoBrite Elite cves: cve-2021-4104: investigated: false @@ -61238,11 +66950,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61254,13 +66965,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Cross Provisioning Platform + last_updated: '2021-12-21T00:00:00' + - vendor: Lenovo + product: BIOS/UEFI cves: cve-2021-4104: investigated: false @@ -61268,7 +66979,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -61283,13 +66994,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: CTPOS and CTPView + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Chassis Management Module 2 (CMM) cves: cve-2021-4104: investigated: false @@ -61297,11 +67008,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61313,13 +67023,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: ICEAAA Manager + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Commercial Vantage cves: cve-2021-4104: investigated: false @@ -61327,11 +67037,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61343,13 +67052,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: JATP Cloud + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Confluent cves: cve-2021-4104: investigated: false @@ -61357,11 +67066,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61373,13 +67081,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Juniper Identity Management Services (JIMS) + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: DSS-G cves: cve-2021-4104: investigated: false @@ -61387,7 +67095,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -61402,13 +67110,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Juniper Mist Edge + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Embedded System Management Java-based KVM clients cves: cve-2021-4104: investigated: false @@ -61416,11 +67124,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61432,13 +67139,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Juniper Sky Enterprise + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Fan Power Controller (FPC) cves: cve-2021-4104: investigated: false @@ -61446,11 +67153,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61462,13 +67168,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Junos OS + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Fan Power Controller2 (FPC2) cves: cve-2021-4104: investigated: false @@ -61476,11 +67182,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61492,13 +67197,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Junos OS Evolved + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Integrated Management Module II (IMM2) cves: cve-2021-4104: investigated: false @@ -61506,11 +67211,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61522,13 +67226,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Junos Space Network Management Platform + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: NetApp ONTAP Tools for VMware vSphere cves: cve-2021-4104: investigated: false @@ -61536,9 +67240,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -61552,13 +67255,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 - notes: '' + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: See [NetApp](https://security.netapp.com/advisory/ntap-20211210-0007/) + advisory. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: MIST - Juniper Networks Marvis Virtual Network Assistant (VNA) + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: 'Network Switches running: Lenovo CNOS, Lenovo ENOS, IBM ENOS, or Brocade + FOS' cves: cve-2021-4104: investigated: false @@ -61566,11 +67271,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61582,13 +67286,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: MIST - Juniper Networks Mist AI + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Storage Management utilities cves: cve-2021-4104: investigated: false @@ -61596,11 +67300,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61612,13 +67315,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: MIST - Juniper Networks Wi-Fi Assurance + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: System Management Module (SMM) cves: cve-2021-4104: investigated: false @@ -61626,11 +67329,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61642,13 +67344,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: MIST - Juniper Networks Wired Assurance + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: System Management Module 2 (SMM2) cves: cve-2021-4104: investigated: false @@ -61656,11 +67358,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61672,13 +67373,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Mist Access Points + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: System Update cves: cve-2021-4104: investigated: false @@ -61686,11 +67387,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Any version on AP12, AP21, AP32, AP33, AP34, AP41, AP43, AP45, AP61, AP63 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61702,13 +67402,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Network Director + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Thin Installer cves: cve-2021-4104: investigated: false @@ -61716,11 +67416,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61732,13 +67431,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Northstar Controller + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkAgile HX cves: cve-2021-4104: investigated: false @@ -61746,9 +67445,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -61762,13 +67460,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 - notes: '' + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: Nutanix and VMware components only; hardware not affected. See [Nutanix](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) + and [VMWare](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) + advisories. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Northstar Planner + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkAgile VX cves: cve-2021-4104: investigated: false @@ -61776,7 +67476,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -61791,13 +67491,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 - notes: '' + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: VMware components only; hardware not affected. See [VMWare](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) + advisory. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Paragon Insights + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkSystem 2x1x16 Digital KVM Switch - Type 1754D1T cves: cve-2021-4104: investigated: false @@ -61805,9 +67506,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '>= 21 version 21.1 ; >= 22 version 22.2' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -61821,13 +67521,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Paragon Pathfinder + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkSystem DE Series Storage cves: cve-2021-4104: investigated: false @@ -61835,9 +67535,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '>= 21 version 21.1 ; >= 22 version 22.2' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -61851,13 +67550,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 - notes: '' + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: See also NetApp advisory. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Paragon Planner + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkSystem DM Series Storage cves: cve-2021-4104: investigated: false @@ -61865,9 +67564,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '>= 21 version 21.1 ; >= 22 version 22.2' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -61881,13 +67579,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 - notes: '' + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: See also NetApp advisory. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Policy Enforcer + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkSystem DS Series Storage cves: cve-2021-4104: investigated: false @@ -61895,11 +67593,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61911,13 +67608,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Products using Wind River Linux in Junos OS and Junos OS Evolved + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkSystem Manager (TSM) cves: cve-2021-4104: investigated: false @@ -61925,11 +67622,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61941,13 +67637,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: ScreenOS + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Update Retriever cves: cve-2021-4104: investigated: false @@ -61955,11 +67651,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61971,13 +67666,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: SecIntel + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Vantage cves: cve-2021-4104: investigated: false @@ -61985,11 +67680,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62001,13 +67695,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Secure Analytics + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Administrator (LXCA) cves: cve-2021-4104: investigated: false @@ -62015,7 +67709,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -62030,13 +67724,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Security Director + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Controller (XCC) cves: cve-2021-4104: investigated: false @@ -62044,11 +67738,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62060,13 +67753,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Security Director Insights + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Energy Manager (LXEM) cves: cve-2021-4104: investigated: false @@ -62074,11 +67767,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62090,13 +67782,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Session Smart Router (Formerly 128T) + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Essentials (LXCE) cves: cve-2021-4104: investigated: false @@ -62104,11 +67796,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62120,13 +67811,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Space SDK + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for Microsoft Azure Log Analytics cves: cve-2021-4104: investigated: false @@ -62134,11 +67825,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62150,13 +67840,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: Standalone Log Collector 20.1 (as also used by Space Security Director) + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for Microsoft System Center cves: cve-2021-4104: investigated: false @@ -62164,11 +67854,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62180,13 +67869,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: User Engagement Virtual BLE + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for Nagios cves: cve-2021-4104: investigated: false @@ -62194,11 +67883,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62210,13 +67898,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Justice Systems - product: All + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for ServiceNow cves: cve-2021-4104: investigated: false @@ -62239,13 +67927,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.justicesystems.com/services/support/ + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: K15t - product: All + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for VMware vCenter cves: cve-2021-4104: investigated: false @@ -62268,13 +67956,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.k15t.com/k15t-apps-and-log4shell-193401141.html + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: K6 - product: All + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for Windows Admin Center cves: cve-2021-4104: investigated: false @@ -62297,13 +67985,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/ + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Kaltura - product: Blackboard Learn SaaS in the classic Learn experience + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Mobile (LXCM) cves: cve-2021-4104: investigated: false @@ -62311,10 +67999,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - v3900.28.x + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -62327,13 +68014,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2021-12-23T07:18:50+00:00' - - vendor: Kaltura - product: Blackboard Learn Self- and Managed-Hosting + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Orchestrator (LXCO) cves: cve-2021-4104: investigated: false @@ -62341,10 +68028,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - v3900.26.x + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -62357,13 +68043,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2021-12-23T07:18:50+00:00' - - vendor: Karakun - product: All + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Provisioning Manager (LXPM) cves: cve-2021-4104: investigated: false @@ -62386,13 +68072,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://board.karakun.com/viewtopic.php?f=21&t=8351 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Kaseya - product: AuthAnvil + last_updated: '2021-12-14T00:00:00' + - vendor: LeoStream + product: '' cves: cve-2021-4104: investigated: false @@ -62400,11 +68086,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62416,13 +68101,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + - https://support.leostream.com/support/discussions/topics/66000507567 notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Kaseya - product: BMS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Let's Encrypt + product: '' cves: cve-2021-4104: investigated: false @@ -62430,11 +68115,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62446,13 +68130,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + - https://community.letsencrypt.org/t/log4j-vulnerability-cve-2021-44228/167464 notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Kaseya - product: ID Agent DarkWeb ID and BullPhish ID + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LibreNMS + product: '' cves: cve-2021-4104: investigated: false @@ -62460,11 +68144,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62476,13 +68159,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + - https://community.librenms.org/t/is-librenms-affected-by-vulnerable-to-cve-2021-25218-cve-2021-44228/17675/6 notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Kaseya - product: IT Glue + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LifeRay + product: '' cves: cve-2021-4104: investigated: false @@ -62490,11 +68173,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62506,13 +68188,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + - https://liferay.dev/blogs/-/blogs/log4j2-zero-day-vulnerability notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Kaseya - product: MyGlue + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LifeSize + product: '' cves: cve-2021-4104: investigated: false @@ -62520,11 +68202,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62536,13 +68217,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + - https://community.lifesize.com/s/article/Apache-Log4j2-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Kaseya - product: Network Glue + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Lightbend + product: '' cves: cve-2021-4104: investigated: false @@ -62550,11 +68231,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62566,13 +68246,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + - https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275 notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Kaseya - product: Passly + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Lime CRM + product: '' cves: cve-2021-4104: investigated: false @@ -62580,11 +68260,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62596,13 +68275,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + - https://docs.lime-crm.com/security/lcsec21-01 notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Kaseya - product: RocketCyber + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LIONGARD + product: '' cves: cve-2021-4104: investigated: false @@ -62610,11 +68289,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62626,13 +68304,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + - https://insights.liongard.com/faq-apache-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Kaseya - product: Spannign Salesforce Backup + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LiquidFiles + product: '' cves: cve-2021-4104: investigated: false @@ -62640,11 +68318,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62656,13 +68333,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + - https://mailchi.mp/liquidfiles/liquidfiles-log4j?e=%5BUNIQID%5D notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Kaseya - product: Spanning O365 Backup + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LiveAction + product: '' cves: cve-2021-4104: investigated: false @@ -62670,11 +68347,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62686,13 +68362,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + - https://documentation.liveaction.com/LiveNX/LiveNX%2021.5.1%20Release%20Notes/Release%20Notes%20LiveNX%2021.5.1.1.3 notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Kaseya - product: Unitrends + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Loftware + product: '' cves: cve-2021-4104: investigated: false @@ -62700,11 +68376,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62716,13 +68391,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + - https://help.loftware.com/lps-kb/content/log4j%20cve-2021-44228.htm?Highlight=CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Kaseya - product: Vorex + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LOGalyze + product: SIEM & log analyzer tool cves: cve-2021-4104: investigated: false @@ -62731,10 +68406,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - v4.x fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62746,13 +68421,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment - notes: '' + - https://sourceforge.net/software/product/LOGalyze/ + notes: 'local-log4j-vuln-scanner result: indicator for vulnerable component found + in /logalyze/lib/log4j-1.2.17.jar (org/apache/log4j/net/SocketNode.class): log4j + 1.2.17' references: - - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Kaseya - product: VSA SaaS and VSA On-Premises + - '[Forks (github.com)](https://github.com/search?q=logalyzer&s=updated&type=Repositories)' + last_updated: '2021-12-17T00:00:00' + - vendor: LogiAnalytics + product: '' cves: cve-2021-4104: investigated: false @@ -62760,11 +68437,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62776,13 +68452,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + - https://devnet.logianalytics.com/hc/en-us/articles/4415781801751-Statement-on-Log4j-Vulnerability-CVE-2021-44228- notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: KeePass - product: All + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LogicMonitor + product: LogicMonitor Platform cves: cve-2021-4104: investigated: false @@ -62790,11 +68466,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62806,43 +68481,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250 + - https://www.logicmonitor.com/support/log4shell-security-vulnerability-cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Keeper - product: All + - vendor: Logit.io + product: Logit.io Platform cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - '' - unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/ + - https://logit.io/blog/post/logit-io-log4shell-security-update notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Kemp - product: All + last_updated: '2022-02-07T07:10:00+00:00' + - vendor: LogMeIn + product: '' cves: cve-2021-4104: investigated: false @@ -62865,13 +68540,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit + - https://community.logmein.com/t5/LogMeIn-Central-Discussions/LOG4J-Vulnerability/m-p/280317/highlight/true#M8327 notes: '' references: - - '[Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-)' + - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Keycloak - product: All + - vendor: LogRhythm + product: '' cves: cve-2021-4104: investigated: false @@ -62879,11 +68554,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62895,13 +68569,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/keycloak/keycloak/discussions/9078 + - https://community.logrhythm.com/t5/Product-Security/LogRhythm-Response-to-the-Apache-Log4J-Vulnerability-Log4Shell/td-p/494068 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Kofax - product: Capture + - vendor: Looker + product: Looker cves: cve-2021-4104: investigated: false @@ -62910,10 +68584,15 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '21.0' + - '21.6' + - '21.12' + - '21.16' + - '21.18' + - '21.20' fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62925,13 +68604,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture + - https://docs.google.com/document/d/e/2PACX-1vQGN1AYNMHxsRQ9AZNu1bKyTGRUSK_9xkQBge-nu4p8PYvBKIYHhc3914KTfVtDFIXtDhc3k6SZnR2M/pub notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Kofax - product: Communication Manager + - vendor: LucaNet + product: '' cves: cve-2021-4104: investigated: false @@ -62939,10 +68618,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 5.3 - 5.5 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -62955,13 +68633,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager + - https://www.lucanet.com/en/blog/update-vulnerability-log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Kofax - product: Robot File System (RFS) + - vendor: Lucee + product: '' cves: cve-2021-4104: investigated: false @@ -62969,10 +68647,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '>=10.7' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -62985,13 +68662,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting + - https://dev.lucee.org/t/lucee-is-not-affected-by-the-log4j-jndi-exploit-cve-2021-44228/9331/4 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Kofax - product: Robotic Process Automation (RPA) + - vendor: Lyrasis + product: Fedora Repository cves: cve-2021-4104: investigated: false @@ -63001,10 +68678,12 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '11.1' - - '11.2' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - 3.x + - 4.x + - 5.x + - 6.x cve-2021-45046: investigated: false affected_versions: [] @@ -63016,13 +68695,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting - notes: '' + - https://groups.google.com/g/fedora-tech/c/dQMQ5jaX8Xo + notes: Fedora Repository is unaffiliated with Fedora Linux. Uses logback and + explicitly excludes log4j. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Konica Minolta - product: All + last_updated: '2021-12-14T00:00:00' + - vendor: MailStore + product: '' cves: cve-2021-4104: investigated: false @@ -63045,13 +68725,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.konicaminolta.de/de-de/support/log4j + - https://www.mailstore.com/en/blog/mailstore-affected-by-log4shell/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Kronos UKG - product: All + - vendor: Maltego + product: '' cves: cve-2021-4104: investigated: false @@ -63074,13 +68754,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US + - https://www.maltego.com/blog/our-response-to-log4j-cve-2021-44228/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Kyberna - product: All + - vendor: ManageEngine + product: AD SelfService Plus cves: cve-2021-4104: investigated: false @@ -63088,10 +68768,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Build 6.1 build 6114 cve-2021-45046: investigated: false affected_versions: [] @@ -63102,14 +68783,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.kyberna.com/detail/log4j-sicherheitsluecke + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: L-Soft - product: '' + last_updated: '2021-12-27T00:00:00' + - vendor: ManageEngine + product: Servicedesk Plus cves: cve-2021-4104: investigated: false @@ -63117,8 +68797,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 11305 and below fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -63132,12 +68813,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://www.lsoft.com/news/log4jinfo.asp + - https://www.manageengine.com/products/service-desk/security-response-plan.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: L3Harris Geospatial + last_updated: '2021-12-15T00:00:00' + - vendor: ManageEngine Zoho product: '' cves: cve-2021-4104: @@ -63161,13 +68842,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.l3harrisgeospatial.com/Support/Self-Help-Tools/Help-Articles/Help-Articles-Detail/ArtMID/10220/ArticleID/24141/Impact-of-Log4j-Java-Security-Vulnerability-CVE-2021-44228-on-L3Harris-Geospatial-software + - https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Lancom Systems - product: '' + - vendor: ManageEngine Zoho + product: ADAudit Plus cves: cve-2021-4104: investigated: false @@ -63190,13 +68871,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.lancom-systems.com/service-support/instant-help/general-security-information/ + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Lansweeper - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: ADManager Plus cves: cve-2021-4104: investigated: false @@ -63219,13 +68900,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.lansweeper.com/vulnerability/critical-log4j-vulnerability-affects-millions-of-applications/ + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Laserfiche - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: Analytics Plus cves: cve-2021-4104: investigated: false @@ -63248,13 +68929,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://answers.laserfiche.com/questions/194037/Do-any-Laserfiche-products-use-the-Apache-log4j-library#194038 + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LastPass - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: Cloud Security Plus cves: cve-2021-4104: investigated: false @@ -63277,13 +68958,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.logmeininc.com/lastpass/help/log4j-vulnerability-faq-for-lastpass-universal-proxy + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LaunchDarkly - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: DataSecurity Plus cves: cve-2021-4104: investigated: false @@ -63306,13 +68987,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://launchdarkly.com/blog/audit-shows-systems-unaffected-by-log4j/ + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Leanix - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: EventLog Analyzer cves: cve-2021-4104: investigated: false @@ -63335,13 +69016,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leanix.net/en/blog/log4j-vulnerability-log4shell + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio AT2 + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: Exchange Reporter Plus cves: cve-2021-4104: investigated: false @@ -63364,13 +69045,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio AT2 DX + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: Log360 cves: cve-2021-4104: investigated: false @@ -63393,13 +69074,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio CS2 + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: Log360 UEBA cves: cve-2021-4104: investigated: false @@ -63422,13 +69103,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio eSlide Manager + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: M365 Manager Plus cves: cve-2021-4104: investigated: false @@ -63451,13 +69132,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio GT 450 + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: M365 Security Plus cves: cve-2021-4104: investigated: false @@ -63480,13 +69161,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio GT 450 DX + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: RecoveryManager Plus cves: cve-2021-4104: investigated: false @@ -63509,13 +69190,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio ImageScope + last_updated: '2021-12-16T00:00:00' + - vendor: MariaDB + product: '' cves: cve-2021-4104: investigated: false @@ -63538,13 +69219,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://mariadb.com/resources/blog/log4shell-and-mariadb-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio ImageScope DX + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MathWorks + product: All MathWorks general release desktop or server products cves: cve-2021-4104: investigated: false @@ -63552,7 +69233,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -63567,13 +69248,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio LV1 + last_updated: '2022-01-18T00:00:00' + - vendor: MathWorks + product: MATLAB cves: cve-2021-4104: investigated: false @@ -63581,10 +69262,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.mathworks.com/content/dam/mathworks/policies/mathworks-response-to-cve-2021-44228-log4j-vulnerability.pdf + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Matillion + product: Matillion ETL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.59.10+ + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -63596,13 +69308,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://documentation.matillion.com/docs/security-advisory-14th-december-2021 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio SAM DX Server For GT 450 DX + last_updated: '2022-11-01T00:00:00' + - vendor: Matomo + product: '' cves: cve-2021-4104: investigated: false @@ -63625,13 +69337,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://forum.matomo.org/t/matomo-is-not-concerned-by-the-log4j-security-breach-cve-2021-44228-discovered-on-december-2021-the-9th/44089 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio Scanner Administration Manager (SAM) Server for GT 450 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Mattermost FocalBoard + product: '' cves: cve-2021-4104: investigated: false @@ -63654,13 +69366,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://forum.mattermost.org/t/log4j-vulnerability-concern/12676 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio VERSA + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: McAfee + product: Data Exchange Layer (DXL) Client cves: cve-2021-4104: investigated: false @@ -63682,14 +69394,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio WebViewer DX + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Data Loss Prevention (DLP) Discover cves: cve-2021-4104: investigated: false @@ -63711,14 +69422,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND Controller + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Data Loss Prevention (DLP) Endpoint for Mac cves: cve-2021-4104: investigated: false @@ -63740,14 +69450,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND RX + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Data Loss Prevention (DLP) Endpoint for Windows cves: cve-2021-4104: investigated: false @@ -63769,14 +69478,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND RXm + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Data Loss Prevention (DLP) Monitor cves: cve-2021-4104: investigated: false @@ -63798,14 +69506,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND-ADVANCE + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Data Loss Prevention (DLP) Prevent cves: cve-2021-4104: investigated: false @@ -63827,14 +69534,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND-III + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Endpoint Security (ENS) for Linux cves: cve-2021-4104: investigated: false @@ -63856,14 +69562,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND-MAX + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Endpoint Security (ENS) for Mac cves: cve-2021-4104: investigated: false @@ -63885,14 +69590,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: CEREBRO + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Endpoint Security (ENS) for Windows cves: cve-2021-4104: investigated: false @@ -63914,14 +69618,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: CytoVision + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Enterprise Security Manager (ESM) cves: cve-2021-4104: investigated: false @@ -63929,9 +69632,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 11.5.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -63944,13 +69648,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore PEARL + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: ePolicy Orchestrator Agent Handlers (ePO-AH) cves: cve-2021-4104: investigated: false @@ -63972,14 +69676,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore PEGASUS + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: ePolicy Orchestrator Application Server (ePO) cves: cve-2021-4104: investigated: false @@ -63987,9 +69690,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 5.10 CU11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -64002,13 +69706,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore SPECTRA CV + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Host Intrusion Prevention (Host IPS) cves: cve-2021-4104: investigated: false @@ -64030,14 +69734,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore SPECTRA ST + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Management of Native Encryption (MNE) cves: cve-2021-4104: investigated: false @@ -64059,14 +69762,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore SPIRIT ST + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Active Response (MAR) cves: cve-2021-4104: investigated: false @@ -64088,14 +69790,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore SPRING ST + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Agent (MA) cves: cve-2021-4104: investigated: false @@ -64117,14 +69818,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica ASP300S + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Application and Change Control (MACC) for Linux cves: cve-2021-4104: investigated: false @@ -64146,14 +69846,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica CV5030 + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Application and Change Control (MACC) for Windows cves: cve-2021-4104: investigated: false @@ -64175,14 +69874,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica ST4020 + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Client Proxy (MCP) for Mac cves: cve-2021-4104: investigated: false @@ -64204,14 +69902,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica ST5010 + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Client Proxy (MCP) for Windows cves: cve-2021-4104: investigated: false @@ -64233,14 +69930,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica ST5020 + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Drive Encryption (MDE) cves: cve-2021-4104: investigated: false @@ -64262,14 +69958,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica TP1020 + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Security for Microsoft Exchange (MSME) cves: cve-2021-4104: investigated: false @@ -64291,14 +69986,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: LIS Connect + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Security for Microsoft Exchange (MSME) cves: cve-2021-4104: investigated: false @@ -64320,14 +70014,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: PathDX + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Security for Microsoft SharePoint (MSMS) cves: cve-2021-4104: investigated: false @@ -64349,14 +70042,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: ThermoBrite Elite + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Network Security Manager (NSM) cves: cve-2021-4104: investigated: false @@ -64378,14 +70070,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Lenovo - product: BIOS/UEFI + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Network Security Platform (NSP) cves: cve-2021-4104: investigated: false @@ -64407,14 +70098,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Chassis Management Module 2 (CMM) + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Policy Auditor cves: cve-2021-4104: investigated: false @@ -64436,14 +70126,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Commercial Vantage + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Threat Intelligence Exchange (TIE) cves: cve-2021-4104: investigated: false @@ -64466,13 +70155,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: '' + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + notes: Latest status in linked Security Bulletin references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Confluent + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Web Gateway (MWG) cves: cve-2021-4104: investigated: false @@ -64495,13 +70184,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: DSS-G + last_updated: '2021-12-20T00:00:00' + - vendor: Medtronic + product: '' cves: cve-2021-4104: investigated: false @@ -64524,13 +70213,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://global.medtronic.com/xg-en/product-security/security-bulletins/log4j-vulnerabilities.html notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Embedded System Management Java-based KVM clients + last_updated: '2021-12-21T00:00:00' + - vendor: MEINBERG + product: '' cves: cve-2021-4104: investigated: false @@ -64553,13 +70242,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Fan Power Controller (FPC) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MEINBERG + product: LANTIME and microSync cves: cve-2021-4104: investigated: false @@ -64582,13 +70271,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Fan Power Controller2 (FPC2) + last_updated: '2022-01-05T00:00:00' + - vendor: Meltano + product: Meltano cves: cve-2021-4104: investigated: false @@ -64611,13 +70300,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: '' + - https://github.com/meltano/meltano + notes: Project is written in Python references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Integrated Management Module II (IMM2) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Memurai + product: '' cves: cve-2021-4104: investigated: false @@ -64640,13 +70329,52 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.memurai.com/blog/apache-log4j2-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: NetApp ONTAP Tools for VMware vSphere + last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Micro Focus + product: Data Protector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '10.20' + - '10.30' + - '10.40' + - '10.50' + - '10.60' + - '10.70' + - '10.80' + - '10.90' + - '10.91' + - '11.00' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://portal.microfocus.com/s/article/KM000003052 + notes: '' + references: + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + last_updated: '2021-12-13T00:00:00' + - vendor: Microsoft + product: Azure API Gateway cves: cve-2021-4104: investigated: false @@ -64669,15 +70397,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: See [NetApp](https://security.netapp.com/advisory/ntap-20211210-0007/) - advisory. + - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: 'Network Switches running: Lenovo CNOS, Lenovo ENOS, IBM ENOS, or Brocade - FOS' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Azure Application Gateway cves: cve-2021-4104: investigated: false @@ -64700,13 +70426,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Storage Management utilities + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Azure Data lake store java cves: cve-2021-4104: investigated: false @@ -64714,10 +70440,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - < 2.3.10 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Azure Data lake store java + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 2.3.10 + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -64729,13 +70486,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: System Management Module (SMM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Azure DevOps cves: cve-2021-4104: investigated: false @@ -64758,13 +70515,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: System Management Module 2 (SMM2) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Azure DevOps Server cves: cve-2021-4104: investigated: false @@ -64772,8 +70529,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2019.0 - 2020.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64787,13 +70545,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: System Update + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Azure Traffic Manager cves: cve-2021-4104: investigated: false @@ -64816,13 +70574,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Thin Installer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Team Foundation Server cves: cve-2021-4104: investigated: false @@ -64830,8 +70588,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2018.2+ fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64845,13 +70604,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkAgile HX + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microstrategy + product: '' cves: cve-2021-4104: investigated: false @@ -64874,15 +70633,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: Nutanix and VMware components only; hardware not affected. See [Nutanix](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) - and [VMWare](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) - advisories. + - https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-CVE-2021-44228-The-Log4j-0-Day-Vulnerability?language=en_US + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkAgile VX + last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Midori Global + product: '' cves: cve-2021-4104: investigated: false @@ -64905,14 +70662,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: VMware components only; hardware not affected. See [VMWare](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) - advisory. + - https://www.midori-global.com/blog/2021/12/15/cve-2021-44228-log4shell-midori-apps-are-not-affected + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkSystem 2x1x16 Digital KVM Switch - Type 1754D1T + last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Mikrotik + product: '' cves: cve-2021-4104: investigated: false @@ -64935,13 +70691,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://forum.mikrotik.com/viewtopic.php?p=897938 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkSystem DE Series Storage + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Milestone sys + product: '' cves: cve-2021-4104: investigated: false @@ -64964,13 +70720,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: See also NetApp advisory. + - https://supportcommunity.milestonesys.com/s/article/Log4J-vulnerability-faq?language=en_US + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkSystem DM Series Storage + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Mimecast + product: '' cves: cve-2021-4104: investigated: false @@ -64993,13 +70749,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: See also NetApp advisory. + - https://community.mimecast.com/s/article/Mimecast-Information-for-Customers-on-the-Log4Shell-Vulnerability + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkSystem DS Series Storage + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Minecraft + product: '' cves: cve-2021-4104: investigated: false @@ -65022,13 +70778,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkSystem Manager (TSM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Mirantis + product: '' cves: cve-2021-4104: investigated: false @@ -65051,13 +70807,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://github.com/Mirantis/security/blob/main/news/cve-2021-44288.md notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Update Retriever + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Miro + product: '' cves: cve-2021-4104: investigated: false @@ -65080,13 +70836,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://miro.com/trust/updates/log4j/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Vantage + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Mitel + product: '' cves: cve-2021-4104: investigated: false @@ -65109,13 +70865,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Administrator (LXCA) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MMM Group + product: Control software of all MMM series cves: cve-2021-4104: investigated: false @@ -65138,13 +70894,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Controller (XCC) + last_updated: '2022-01-05T00:00:00' + - vendor: MMM Group + product: RUMED360 Cycles, RUMED360 Cycles View, RUMED360 Sicon, RUMED360 ISA-Server cves: cve-2021-4104: investigated: false @@ -65167,13 +70923,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Energy Manager (LXEM) + last_updated: '2022-01-05T00:00:00' + - vendor: MongoDB + product: All other components of MongoDB Atlas (including Atlas Database, Data + Lake, Charts) cves: cve-2021-4104: investigated: false @@ -65196,13 +70953,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Essentials (LXCE) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MongoDB + product: MongoDB Atlas Search cves: cve-2021-4104: investigated: false @@ -65225,13 +70982,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for Microsoft Azure Log Analytics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MongoDB + product: MongoDB Community Edition (including Community Server, Cloud Manager, + Community Kubernetes Operators) cves: cve-2021-4104: investigated: false @@ -65254,13 +71012,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for Microsoft System Center + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MongoDB + product: MongoDB Drivers cves: cve-2021-4104: investigated: false @@ -65283,13 +71041,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for Nagios + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MongoDB + product: MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, + Enterprise Kubernetes Operators) cves: cve-2021-4104: investigated: false @@ -65312,13 +71071,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for ServiceNow + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MongoDB + product: MongoDB Realm (including Realm Database, Sync, Functions, APIs) cves: cve-2021-4104: investigated: false @@ -65341,13 +71100,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for VMware vCenter + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MongoDB + product: MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas + CLI, Database Connectors) cves: cve-2021-4104: investigated: false @@ -65370,13 +71130,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for Windows Admin Center + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Moodle + product: '' cves: cve-2021-4104: investigated: false @@ -65399,13 +71159,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://moodle.org/mod/forum/discuss.php?d=429966 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Mobile (LXCM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MoogSoft + product: '' cves: cve-2021-4104: investigated: false @@ -65428,13 +71188,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://servicedesk.moogsoft.com/hc/en-us/articles/4412463233811?input_string=log4j+vulnerability+%7C%7C+cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Orchestrator (LXCO) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Motorola Avigilon + product: '' cves: cve-2021-4104: investigated: false @@ -65457,13 +71217,45 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://support.avigilon.com/s/article/Technical-Notification-Apache-Log4j2-vulnerability-impact-on-Avigilon-products-CVE-2021-44228?language=en_US notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Provisioning Manager (LXPM) + last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Moxa + product: '' + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability + notes: Moxa is investigating to determine if any of our products are affected + by this vulnerability. At the time of publication, none of Moxa's products are + affected. + references: + - '' + last_updated: '2022-01-19T00:00:00' + - vendor: Mulesoft + product: '' cves: cve-2021-4104: investigated: false @@ -65486,13 +71278,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: '' + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: LeoStream - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Mulesoft + product: Anypoint Studio cves: cve-2021-4104: investigated: false @@ -65500,8 +71293,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 7.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65515,13 +71309,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.leostream.com/support/discussions/topics/66000507567 - notes: '' + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to account holders only and has not been reviewed + by CISA. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Let's Encrypt - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Mulesoft + product: Cloudhub cves: cve-2021-4104: investigated: false @@ -65544,13 +71339,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.letsencrypt.org/t/log4j-vulnerability-cve-2021-44228/167464 - notes: '' + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to account holders only and has not been reviewed + by CISA. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LibreNMS - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Mulesoft + product: Mule Agent cves: cve-2021-4104: investigated: false @@ -65558,8 +71354,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 6.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65573,13 +71370,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.librenms.org/t/is-librenms-affected-by-vulnerable-to-cve-2021-25218-cve-2021-44228/17675/6 - notes: '' + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to account holders only and has not been reviewed + by CISA. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LifeRay - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Mulesoft + product: Mule Runtime cves: cve-2021-4104: investigated: false @@ -65587,8 +71385,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.x + - 4.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65602,12 +71402,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://liferay.dev/blogs/-/blogs/log4j2-zero-day-vulnerability - notes: '' + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to account holders only and has not been reviewed + by CISA. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LifeSize + last_updated: '2021-12-15T00:00:00' + - vendor: N-able product: '' cves: cve-2021-4104: @@ -65631,12 +71432,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.lifesize.com/s/article/Apache-Log4j2-CVE-2021-44228 + - https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Lightbend + - vendor: Nagios product: '' cves: cve-2021-4104: @@ -65660,12 +71461,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275 + - https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Lime CRM + - vendor: NAKIVO product: '' cves: cve-2021-4104: @@ -65689,24 +71490,59 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.lime-crm.com/security/lcsec21-01 + - https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/&do=findComment&comment=9145 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LIONGARD - product: '' + - vendor: National Instruments + product: OptimalPlus cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - Vertica + - Cloudera + - Logstash + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html + notes: (Limited to deployments running Vertica, Cloudera, or Logstash) Contact + Technical Support + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Neo4j + product: Neo4j Graph Database + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>4.2' + - <4..2.12 + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -65717,14 +71553,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://insights.liongard.com/faq-apache-log4j-vulnerability + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LiquidFiles - product: '' + last_updated: '2021-12-13T00:00:00' + - vendor: Netapp + product: Multiple NetApp products cves: cve-2021-4104: investigated: false @@ -65747,12 +71582,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://mailchi.mp/liquidfiles/liquidfiles-log4j?e=%5BUNIQID%5D + - https://security.netapp.com/advisory/ntap-20211210-0007/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LiveAction + - vendor: Netcup product: '' cves: cve-2021-4104: @@ -65776,12 +71611,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://documentation.liveaction.com/LiveNX/LiveNX%2021.5.1%20Release%20Notes/Release%20Notes%20LiveNX%2021.5.1.1.3 + - https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Loftware + - vendor: NetGate PFSense product: '' cves: cve-2021-4104: @@ -65805,13 +71640,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.loftware.com/lps-kb/content/log4j%20cve-2021-44228.htm?Highlight=CVE-2021-44228 + - https://forum.netgate.com/topic/168417/java-log4j-vulnerability-is-pfsense-affected/35 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LOGalyze - product: SIEM & log analyzer tool + - vendor: Netwrix + product: '' cves: cve-2021-4104: investigated: false @@ -65819,9 +71654,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - v4.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65835,15 +71669,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sourceforge.net/software/product/LOGalyze/ - notes: 'local-log4j-vuln-scanner result: indicator for vulnerable component found - in /logalyze/lib/log4j-1.2.17.jar (org/apache/log4j/net/SocketNode.class): log4j - 1.2.17' + - https://www.netwrix.com/netwrix_statement_on_cve_2021_44228_the_apache_log4j_vulnerability.html + notes: '' references: - - '[Forks (github.com)](https://github.com/search?q=logalyzer&s=updated&type=Repositories)' - last_updated: '2021-12-17T00:00:00' - - vendor: LogiAnalytics - product: '' + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: New Relic + product: Containerized Private Minion (CPM) cves: cve-2021-4104: investigated: false @@ -65851,9 +71683,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.0.57 unaffected_versions: [] cve-2021-45046: investigated: false @@ -65866,13 +71699,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devnet.logianalytics.com/hc/en-us/articles/4415781801751-Statement-on-Log4j-Vulnerability-CVE-2021-44228- - notes: '' + - https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/ + notes: New Relic is in the process of revising guidance/documentation, however + the fix version remains sufficient. references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LogicMonitor - product: LogicMonitor Platform + - '[Security Bulletin NR21-04](https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/)' + last_updated: '2021-12-18T00:00:00' + - vendor: New Relic + product: New Relic Java Agent cves: cve-2021-4104: investigated: false @@ -65880,8 +71714,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <7.4.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65895,12 +71730,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.logicmonitor.com/support/log4shell-security-vulnerability-cve-2021-44228 - notes: '' + - https://docs.newrelic.com/docs/release-notes/agent-release-notes/java-release-notes/java-agent-743/ + notes: Initially fixed in 7.4.2, but additional vulnerability found references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LogMeIn + - '[New Relic tracking](https://github.com/newrelic/newrelic-java-agent/issues/605), + covers CVE-2021-44228, CVE-2021-45046' + last_updated: '2021-12-20T00:00:00' + - vendor: NextCloud product: '' cves: cve-2021-4104: @@ -65924,13 +71760,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.logmein.com/t5/LogMeIn-Central-Discussions/LOG4J-Vulnerability/m-p/280317/highlight/true#M8327 + - https://help.nextcloud.com/t/apache-log4j-does-not-affect-nextcloud/129244 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LogRhythm - product: '' + - vendor: Nextflow + product: Nextflow cves: cve-2021-4104: investigated: false @@ -65938,10 +71774,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 21.04.0.5552 cve-2021-45046: investigated: false affected_versions: [] @@ -65953,13 +71790,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.logrhythm.com/t5/Product-Security/LogRhythm-Response-to-the-Apache-Log4J-Vulnerability-Log4Shell/td-p/494068 + - https://www.nextflow.io/docs/latest/index.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Looker - product: Looker + last_updated: '2021-12-21T00:00:00' + - vendor: Nexus Group + product: '' cves: cve-2021-4104: investigated: false @@ -65967,14 +71804,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '21.0' - - '21.6' - - '21.12' - - '21.16' - - '21.18' - - '21.20' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65988,12 +71819,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.google.com/document/d/e/2PACX-1vQGN1AYNMHxsRQ9AZNu1bKyTGRUSK_9xkQBge-nu4p8PYvBKIYHhc3914KTfVtDFIXtDhc3k6SZnR2M/pub + - https://doc.nexusgroup.com/pages/viewpage.action?pageId=83133294 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LucaNet + last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Nice Software (AWS) EnginFRAME product: '' cves: cve-2021-4104: @@ -66017,12 +71848,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.lucanet.com/en/blog/update-vulnerability-log4j + - https://download.enginframe.com/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Lucee + - vendor: NinjaRMM product: '' cves: cve-2021-4104: @@ -66046,13 +71877,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dev.lucee.org/t/lucee-is-not-affected-by-the-log4j-jndi-exploit-cve-2021-44228/9331/4 - notes: '' + - https://ninjarmm.zendesk.com/hc/en-us/articles/4416226194189-12-10-21-Security-Declaration-NinjaOne-not-affected-by-CVE-2021-44228-log4j- + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Lyrasis - product: Fedora Repository + - vendor: Nomachine + product: '' cves: cve-2021-4104: investigated: false @@ -66060,14 +71892,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 3.x - - 4.x - - 5.x - - 6.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -66079,13 +71907,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://groups.google.com/g/fedora-tech/c/dQMQ5jaX8Xo - notes: Fedora Repository is unaffiliated with Fedora Linux. Uses logback and - explicitly excludes log4j. + - https://forums.nomachine.com/topic/apache-log4j-notification + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: MailStore + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: NoviFlow product: '' cves: cve-2021-4104: @@ -66109,13 +71936,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mailstore.com/en/blog/mailstore-affected-by-log4shell/ + - https://noviflow.com/noviflow-products-and-the-log4shell-exploit-cve-2021-44228/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Maltego - product: '' + - vendor: Nulab + product: Backlog cves: cve-2021-4104: investigated: false @@ -66123,9 +71950,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - N/A (SaaS) unaffected_versions: [] cve-2021-45046: investigated: false @@ -66138,13 +71966,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.maltego.com/blog/our-response-to-log4j-cve-2021-44228/ + - https://nulab.com/blog/company-news/log4shell/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ManageEngine - product: AD SelfService Plus + - vendor: Nulab + product: Backlog Enterprise (On-premises) cves: cve-2021-4104: investigated: false @@ -66154,9 +71982,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Build 6.1 build 6114 + fixed_versions: + - < 1.11.7 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -66167,13 +71995,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://nulab.com/blog/company-news/log4shell/ notes: '' references: - '' - last_updated: '2021-12-27T00:00:00' - - vendor: ManageEngine - product: Servicedesk Plus + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nulab + product: Cacoo cves: cve-2021-4104: investigated: false @@ -66182,9 +72011,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 11305 and below - fixed_versions: [] + affected_versions: [] + fixed_versions: + - N/A (SaaS) unaffected_versions: [] cve-2021-45046: investigated: false @@ -66197,13 +72026,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.manageengine.com/products/service-desk/security-response-plan.html + - https://nulab.com/blog/company-news/log4shell/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: ManageEngine Zoho - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nulab + product: Cacoo Enterprise (On-premises) cves: cve-2021-4104: investigated: false @@ -66211,9 +72040,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 4.0.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -66226,13 +72056,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus + - https://nulab.com/blog/company-news/log4shell/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ManageEngine Zoho - product: ADAudit Plus + - vendor: Nulab + product: Typetalk cves: cve-2021-4104: investigated: false @@ -66240,9 +72070,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - N/A (SaaS) unaffected_versions: [] cve-2021-45046: investigated: false @@ -66255,13 +72086,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://nulab.com/blog/company-news/log4shell/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: ADManager Plus + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nutanix + product: AHV cves: cve-2021-4104: investigated: false @@ -66269,10 +72100,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -66284,13 +72116,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: Analytics Plus + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: AOS cves: cve-2021-4104: investigated: false @@ -66298,10 +72130,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - LTS (including Prism Element) + - Community Edition cve-2021-45046: investigated: false affected_versions: [] @@ -66313,13 +72147,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: Cloud Security Plus + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: AOS cves: cve-2021-4104: investigated: false @@ -66327,9 +72161,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - STS (including Prism Element) unaffected_versions: [] cve-2021-45046: investigated: false @@ -66342,13 +72177,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Patched in 6.0.2.4, available on the Portal for download. references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: DataSecurity Plus + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Beam cves: cve-2021-4104: investigated: false @@ -66371,13 +72206,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: EventLog Analyzer + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: BeamGov cves: cve-2021-4104: investigated: false @@ -66400,13 +72235,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: Exchange Reporter Plus + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Calm cves: cve-2021-4104: investigated: false @@ -66414,10 +72249,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -66429,13 +72265,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: Log360 + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Calm Tunnel VM cves: cve-2021-4104: investigated: false @@ -66443,10 +72279,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -66458,13 +72295,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: Log360 UEBA + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Collector cves: cve-2021-4104: investigated: false @@ -66472,10 +72309,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -66487,13 +72325,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: M365 Manager Plus + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Collector Portal cves: cve-2021-4104: investigated: false @@ -66516,13 +72354,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: M365 Security Plus + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Data Lens cves: cve-2021-4104: investigated: false @@ -66545,13 +72383,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: RecoveryManager Plus + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Era cves: cve-2021-4104: investigated: false @@ -66559,10 +72397,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -66574,13 +72413,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: MariaDB - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: File Analytics cves: cve-2021-4104: investigated: false @@ -66588,8 +72427,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.1.x + - 2.2.x + - 3.0+ fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66603,13 +72445,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://mariadb.com/resources/blog/log4shell-and-mariadb-cve-2021-44228/ - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigated in version 3.0.1 which is available on the Portal for download. + Mitigation is available [here](https://portal.nutanix.com/kb/12499) references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MathWorks - product: All MathWorks general release desktop or server products + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Files cves: cve-2021-4104: investigated: false @@ -66620,7 +72463,8 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -66632,13 +72476,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: MathWorks - product: MATLAB + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Flow cves: cve-2021-4104: investigated: false @@ -66662,13 +72506,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mathworks.com/content/dam/mathworks/policies/mathworks-response-to-cve-2021-44228-log4j-vulnerability.pdf + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Matillion - product: Matillion ETL + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Flow Security Cental cves: cve-2021-4104: investigated: false @@ -66676,10 +72520,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 1.59.10+ + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -66692,13 +72535,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://documentation.matillion.com/docs/security-advisory-14th-december-2021 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Foundation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2022-11-01T00:00:00' - - vendor: Matomo - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Frame cves: cve-2021-4104: investigated: false @@ -66721,13 +72594,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.matomo.org/t/matomo-is-not-concerned-by-the-log4j-security-breach-cve-2021-44228-discovered-on-december-2021-the-9th/44089 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Mattermost FocalBoard - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: FrameGov cves: cve-2021-4104: investigated: false @@ -66750,13 +72623,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.mattermost.org/t/log4j-vulnerability-concern/12676 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: McAfee - product: Data Exchange Layer (DXL) Client + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: FSCVM cves: cve-2021-4104: investigated: false @@ -66764,10 +72637,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -66778,13 +72652,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Data Loss Prevention (DLP) Discover + - vendor: Nutanix + product: Insights cves: cve-2021-4104: investigated: false @@ -66806,13 +72681,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Data Loss Prevention (DLP) Endpoint for Mac + - vendor: Nutanix + product: Karbon cves: cve-2021-4104: investigated: false @@ -66820,8 +72696,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66834,13 +72711,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12483) references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Data Loss Prevention (DLP) Endpoint for Windows + - vendor: Nutanix + product: Karbon Platform Service cves: cve-2021-4104: investigated: false @@ -66862,13 +72740,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Data Loss Prevention (DLP) Monitor + - vendor: Nutanix + product: LCM cves: cve-2021-4104: investigated: false @@ -66876,10 +72755,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -66890,13 +72770,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Data Loss Prevention (DLP) Prevent + - vendor: Nutanix + product: Leap cves: cve-2021-4104: investigated: false @@ -66918,13 +72799,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Endpoint Security (ENS) for Linux + - vendor: Nutanix + product: Mine cves: cve-2021-4104: investigated: false @@ -66932,8 +72814,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66946,13 +72829,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12484) references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Endpoint Security (ENS) for Mac + - vendor: Nutanix + product: Move cves: cve-2021-4104: investigated: false @@ -66960,10 +72844,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -66974,13 +72859,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Endpoint Security (ENS) for Windows + - vendor: Nutanix + product: MSP cves: cve-2021-4104: investigated: false @@ -66988,10 +72874,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12482) + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: NCC + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -67002,13 +72919,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Enterprise Security Manager (ESM) + - vendor: Nutanix + product: NGT cves: cve-2021-4104: investigated: false @@ -67018,9 +72936,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 11.5.3 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -67032,13 +72950,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: ePolicy Orchestrator Agent Handlers (ePO-AH) + - vendor: Nutanix + product: Objects cves: cve-2021-4104: investigated: false @@ -67046,8 +72964,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67060,13 +72979,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12482) references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: ePolicy Orchestrator Application Server (ePO) + - vendor: Nutanix + product: Prism Central cves: cve-2021-4104: investigated: false @@ -67077,7 +72997,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 5.10 CU11 + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -67090,13 +73010,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Patched in 2021-9.0.3, available on the Portal for download. references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Host Intrusion Prevention (Host IPS) + - vendor: Nutanix + product: Sizer cves: cve-2021-4104: investigated: false @@ -67118,13 +73038,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Management of Native Encryption (MNE) + - vendor: Nutanix + product: Volumes cves: cve-2021-4104: investigated: false @@ -67132,10 +73053,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -67146,13 +73068,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Active Response (MAR) + - vendor: Nutanix + product: Witness VM cves: cve-2021-4104: investigated: false @@ -67160,10 +73083,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12491) + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: X-Ray + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -67174,13 +73128,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Agent (MA) + - vendor: Nvidia + product: '' cves: cve-2021-4104: investigated: false @@ -67202,13 +73157,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://nvidia.custhelp.com/app/answers/detail/a_id/5294 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Application and Change Control (MACC) for Linux + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: NXLog + product: '' cves: cve-2021-4104: investigated: false @@ -67230,13 +73186,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://nxlog.co/news/apache-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Application and Change Control (MACC) for Windows + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Objectif Lune + product: '' cves: cve-2021-4104: investigated: false @@ -67258,13 +73215,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://learn.objectiflune.com/blog/security/statement-on-log4j-vulnerability-cve-2021-4428/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Client Proxy (MCP) for Mac + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OCLC + product: '' cves: cve-2021-4104: investigated: false @@ -67286,13 +73244,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://oclc.service-now.com/status notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Client Proxy (MCP) for Windows + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Octopus + product: '' cves: cve-2021-4104: investigated: false @@ -67314,13 +73273,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://advisories.octopus.com/adv/December.2306508680.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Drive Encryption (MDE) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Okta + product: Advanced Server Access cves: cve-2021-4104: investigated: false @@ -67342,13 +73302,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Security for Microsoft Exchange (MSME) + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Access Gateway cves: cve-2021-4104: investigated: false @@ -67370,13 +73331,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Security for Microsoft Exchange (MSME) + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta AD Agent cves: cve-2021-4104: investigated: false @@ -67398,13 +73360,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Security for Microsoft SharePoint (MSMS) + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Browser Plugin cves: cve-2021-4104: investigated: false @@ -67426,13 +73389,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Network Security Manager (NSM) + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta IWA Web Agent cves: cve-2021-4104: investigated: false @@ -67454,13 +73418,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Network Security Platform (NSP) + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta LDAP Agent cves: cve-2021-4104: investigated: false @@ -67482,13 +73447,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Policy Auditor + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Mobile cves: cve-2021-4104: investigated: false @@ -67510,13 +73476,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Threat Intelligence Exchange (TIE) + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta On-Prem MFA Agent cves: cve-2021-4104: investigated: false @@ -67524,8 +73491,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - < 1.4.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67539,13 +73507,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 - notes: Latest status in linked Security Bulletin + - https://trust.okta.com/security-advisories/okta-on-prem-mfa-agent-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Web Gateway (MWG) + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta RADIUS Server Agent cves: cve-2021-4104: investigated: false @@ -67553,8 +73521,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - < 2.17.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67568,13 +73537,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + - https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Medtronic - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Verify cves: cve-2021-4104: investigated: false @@ -67597,13 +73566,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://global.medtronic.com/xg-en/product-security/security-bulletins/log4j-vulnerabilities.html + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: MEINBERG - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Workflows cves: cve-2021-4104: investigated: false @@ -67626,13 +73595,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MEINBERG - product: LANTIME and microSync + last_updated: '2021-12-12T00:00:00' + - vendor: Onespan + product: '' cves: cve-2021-4104: investigated: false @@ -67655,13 +73624,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm + - https://www.onespan.com/remote-code-execution-vulnerability-in-log4j2-cve-2018-11776 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Meltano - product: Meltano + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Opengear + product: '' cves: cve-2021-4104: investigated: false @@ -67684,12 +73653,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/meltano/meltano - notes: Project is written in Python + - https://opengear.zendesk.com/hc/en-us/articles/4412713339419-CVE-2021-44228-aka-Log4Shell-Opengear-products-are-not-affected + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Memurai + - vendor: OpenMRS TALK product: '' cves: cve-2021-4104: @@ -67713,13 +73682,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.memurai.com/blog/apache-log4j2-cve-2021-44228 + - https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Micro Focus - product: Data Protector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OpenNMS + product: '' cves: cve-2021-4104: investigated: false @@ -67727,19 +73696,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '10.20' - - '10.30' - - '10.40' - - '10.50' - - '10.60' - - '10.70' - - '10.80' - - '10.90' - - '10.91' - - '11.00' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -67752,13 +73711,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.microfocus.com/s/article/KM000003052 + - https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/ notes: '' references: - - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' - last_updated: '2021-12-13T00:00:00' - - vendor: Microsoft - product: Azure API Gateway + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OpenSearch + product: '' cves: cve-2021-4104: investigated: false @@ -67781,13 +73740,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ + - https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microsoft - product: Azure Application Gateway + - vendor: OpenText + product: '' cves: cve-2021-4104: investigated: false @@ -67810,13 +73769,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ + - https://www.opentext.com/support/log4j-remote-code-execution-advisory notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microsoft - product: Azure Data lake store java + last_updated: '2021-12-23T00:00:00' + - vendor: Opto 22 + product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP cves: cve-2021-4104: investigated: false @@ -67826,8 +73785,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 2.3.10 - fixed_versions: [] + - < 4.3g + fixed_versions: + - 4.3g unaffected_versions: [] cve-2021-45046: investigated: false @@ -67840,13 +73800,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 - notes: '' + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microsoft - product: Azure Data lake store java + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GROOV-AT1, GROOV-AT1-SNAP cves: cve-2021-4104: investigated: false @@ -67856,8 +73816,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 2.3.10 - fixed_versions: [] + - < 4.3g + fixed_versions: + - 4.3g unaffected_versions: [] cve-2021-45046: investigated: false @@ -67870,13 +73831,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 - notes: '' + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microsoft - product: Azure DevOps + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP cves: cve-2021-4104: investigated: false @@ -67884,9 +73845,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g unaffected_versions: [] cve-2021-45046: investigated: false @@ -67899,13 +73862,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 - notes: '' + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microsoft - product: Azure DevOps Server + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GRV-EPIC-PR1, GRV-EPIC-PR2 cves: cve-2021-4104: investigated: false @@ -67915,8 +73878,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2019.0 - 2020.1 - fixed_versions: [] + - < 3.3.2 + fixed_versions: + - 3.3.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -67929,13 +73893,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 - notes: '' + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microsoft - product: Azure Traffic Manager + last_updated: '2022-01-13T00:00:00' + - vendor: Oracle + product: '' cves: cve-2021-4104: investigated: false @@ -67958,13 +73922,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ - notes: '' + - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html + notes: The support document is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microsoft - product: Team Foundation Server + last_updated: '2021-12-17T00:00:00' + - vendor: Oracle + product: Enterprise Manager cves: cve-2021-4104: investigated: false @@ -67974,7 +73939,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2018.2+ + - '13.5' + - 13.4 & 13.3.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67988,13 +73954,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 - notes: '' + - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html + notes: Patch status and other security guidance is restricted to Oracle account/support + members. The support document is available to customers only and has not been + reviewed by CISA. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microstrategy - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Oracle + product: Exadata cves: cve-2021-4104: investigated: false @@ -68002,8 +73970,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <21.3.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68017,12 +73986,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-CVE-2021-44228-The-Log4j-0-Day-Vulnerability?language=en_US - notes: '' + - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html + notes: Patch status and other security guidance is restricted to Oracle account/support + members. The support document is available to customers only and has not been + reviewed by CISA. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Midori Global + last_updated: '2021-12-17T00:00:00' + - vendor: Orgavision product: '' cves: cve-2021-4104: @@ -68046,13 +74017,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.midori-global.com/blog/2021/12/15/cve-2021-44228-log4shell-midori-apps-are-not-affected + - https://www.orgavision.com/neuigkeiten/sicherheitsluecke-java-library-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Mikrotik - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Osirium + product: PAM cves: cve-2021-4104: investigated: false @@ -68075,13 +74046,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.mikrotik.com/viewtopic.php?p=897938 + - https://www.osirium.com/blog/apache-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Milestone sys - product: '' + - vendor: Osirium + product: PEM cves: cve-2021-4104: investigated: false @@ -68104,13 +74075,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcommunity.milestonesys.com/s/article/Log4J-vulnerability-faq?language=en_US + - https://www.osirium.com/blog/apache-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Mimecast - product: '' + - vendor: Osirium + product: PPA cves: cve-2021-4104: investigated: false @@ -68133,12 +74104,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.mimecast.com/s/article/Mimecast-Information-for-Customers-on-the-Log4Shell-Vulnerability + - https://www.osirium.com/blog/apache-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Minecraft + - vendor: OTRS product: '' cves: cve-2021-4104: @@ -68162,12 +74133,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition + - https://portal.otrs.com/external notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Mirantis + - vendor: OVHCloud product: '' cves: cve-2021-4104: @@ -68191,12 +74162,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/Mirantis/security/blob/main/news/cve-2021-44288.md + - https://blog.ovhcloud.com/log4shell-how-to-protect-my-cloud-workloads/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Miro + - vendor: OwnCloud product: '' cves: cve-2021-4104: @@ -68220,13 +74191,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://miro.com/trust/updates/log4j/ + - https://central.owncloud.org/t/owncloud-not-directly-affected-by-log4j-vulnerability/35493 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Mitel - product: '' + - vendor: OxygenXML + product: Author cves: cve-2021-4104: investigated: false @@ -68248,14 +74219,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010 - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MMM Group - product: Control software of all MMM series + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Developer cves: cve-2021-4104: investigated: false @@ -68277,14 +74247,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: MMM Group - product: RUMED360 Cycles, RUMED360 Cycles View, RUMED360 Sicon, RUMED360 ISA-Server + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Editor cves: cve-2021-4104: investigated: false @@ -68306,15 +74275,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: MongoDB - product: All other components of MongoDB Atlas (including Atlas Database, Data - Lake, Charts) + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen Content Fusion cves: cve-2021-4104: investigated: false @@ -68322,10 +74289,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - '2.0' + - '3.0' + - '4.1' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen Feedback Enterprise + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 1.4.4 & older + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68336,14 +74335,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MongoDB - product: MongoDB Atlas Search + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen License Server cves: cve-2021-4104: investigated: false @@ -68351,10 +74349,43 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - v22.1 to v24.0 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen PDF Chemistry + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - v22.1 + - '23.0' + - '23.1' + - '24.0' + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68365,15 +74396,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MongoDB - product: MongoDB Community Edition (including Community Server, Cloud Manager, - Community Kubernetes Operators) + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen SDK cves: cve-2021-4104: investigated: false @@ -68395,14 +74424,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MongoDB - product: MongoDB Drivers + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Plugins (see advisory link) cves: cve-2021-4104: investigated: false @@ -68424,15 +74452,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MongoDB - product: MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, - Enterprise Kubernetes Operators) + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Publishing Engine cves: cve-2021-4104: investigated: false @@ -68454,14 +74480,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MongoDB - product: MongoDB Realm (including Realm Database, Sync, Functions, APIs) + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Web Author cves: cve-2021-4104: investigated: false @@ -68483,15 +74508,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MongoDB - product: MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas - CLI, Database Connectors) + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: WebHelp cves: cve-2021-4104: investigated: false @@ -68513,14 +74536,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Moodle - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: PagerDuty + product: PagerDuty SaaS cves: cve-2021-4104: investigated: false @@ -68543,13 +74565,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://moodle.org/mod/forum/discuss.php?d=429966 - notes: '' + - https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability + notes: We currently see no evidence of compromises on our platform. Our teams + continue to monitor for new developments and for impacts on sub-processors and + dependent systems. PagerDuty SaaS customers do not need to take any additional + action for their PagerDuty SaaS environment references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MoogSoft - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Palantir + product: Palantir AI Inference Platform (AIP) cves: cve-2021-4104: investigated: false @@ -68557,9 +74582,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -68572,13 +74598,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://servicedesk.moogsoft.com/hc/en-us/articles/4412463233811?input_string=log4j+vulnerability+%7C%7C+cve-2021-44228 - notes: '' + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: Fully remediated as of 1.97.0. Disconnected customer instances may require + manual updates. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Motorola Avigilon - product: '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Apollo cves: cve-2021-4104: investigated: false @@ -68586,10 +74613,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -68601,45 +74629,45 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avigilon.com/s/article/Technical-Notification-Apache-Log4j2-vulnerability-impact-on-Avigilon-products-CVE-2021-44228?language=en_US - notes: '' + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact, and updates have been deployed for full remediation. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Moxa - product: '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Foundry cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability - notes: Moxa is investigating to determine if any of our products are affected - by this vulnerability. At the time of publication, none of Moxa's products are - affected. + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact to Palantir-hosted or Apollo-connected instances, and updates + have been deployed for full remediation. Disconnected customer instances may + require manual updates. references: - '' - last_updated: '2022-01-19T00:00:00' - - vendor: Mulesoft - product: '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Gotham cves: cve-2021-4104: investigated: false @@ -68647,9 +74675,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -68662,14 +74691,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact to Palantir-hosted or Apollo-connected instances, and updates + have been deployed for full remediation. Disconnected customer instances may + require manual updates. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Mulesoft - product: Anypoint Studio + last_updated: '2021-12-19T00:00:00' + - vendor: Palo-Alto Networks + product: Bridgecrew cves: cve-2021-4104: investigated: false @@ -68677,9 +74707,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 7.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68693,14 +74722,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to account holders only and has not been reviewed - by CISA. + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Mulesoft - product: Cloudhub + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: CloudGenix cves: cve-2021-4104: investigated: false @@ -68723,14 +74751,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to account holders only and has not been reviewed - by CISA. + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Mulesoft - product: Mule Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex Data Lake cves: cve-2021-4104: investigated: false @@ -68738,9 +74765,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 6.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68754,14 +74780,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to account holders only and has not been reviewed - by CISA. + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Mulesoft - product: Mule Runtime + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex XDR Agent cves: cve-2021-4104: investigated: false @@ -68769,10 +74794,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 3.x - - 4.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68786,14 +74809,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to account holders only and has not been reviewed - by CISA. + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: N-able - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex Xpanse cves: cve-2021-4104: investigated: false @@ -68816,13 +74838,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nagios - product: '' + - vendor: Palo-Alto Networks + product: Cortex XSOAR cves: cve-2021-4104: investigated: false @@ -68845,13 +74867,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/ + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: NAKIVO - product: '' + - vendor: Palo-Alto Networks + product: Expedition cves: cve-2021-4104: investigated: false @@ -68874,46 +74896,42 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/&do=findComment&comment=9145 + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: National Instruments - product: OptimalPlus + - vendor: Palo-Alto Networks + product: GlobalProtect App cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Vertica - - Cloudera - - Logstash + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html - notes: (Limited to deployments running Vertica, Cloudera, or Logstash) Contact - Technical Support + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Neo4j - product: Neo4j Graph Database + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: IoT Security cves: cve-2021-4104: investigated: false @@ -68921,10 +74939,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '>4.2' - - <4..2.12 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68937,13 +74953,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Netapp - product: Multiple NetApp products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Okyo Grade cves: cve-2021-4104: investigated: false @@ -68966,13 +74983,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.netapp.com/advisory/ntap-20211210-0007/ + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Netcup - product: '' + - vendor: Palo-Alto Networks + product: Palo-Alto Networks-OS for Firewall and Wildfire cves: cve-2021-4104: investigated: false @@ -68995,13 +75012,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/ + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: NetGate PFSense - product: '' + - vendor: Palo-Alto Networks + product: Palo-Alto Networks-OS for Panorama cves: cve-2021-4104: investigated: false @@ -69009,8 +75026,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '9.0' + - '9.1' + - '10.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69024,13 +75044,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.netgate.com/topic/168417/java-log4j-vulnerability-is-pfsense-affected/35 + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Netwrix - product: '' + - Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will + be updated when hot fixes for the affected Panorama versions are available. + PAN-OS for Panorama versions 8.1, 10.1 are not affected. + last_updated: '2021-12-15T00:00:00' + - vendor: Palo-Alto Networks + product: Prisma Access cves: cve-2021-4104: investigated: false @@ -69053,13 +75075,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.netwrix.com/netwrix_statement_on_cve_2021_44228_the_apache_log4j_vulnerability.html + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: New Relic - product: Containerized Private Minion (CPM) + - vendor: Palo-Alto Networks + product: Prisma Cloud cves: cve-2021-4104: investigated: false @@ -69067,10 +75089,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 3.0.57 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -69083,14 +75104,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/ - notes: New Relic is in the process of revising guidance/documentation, however - the fix version remains sufficient. + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' references: - - '[Security Bulletin NR21-04](https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/)' - last_updated: '2021-12-18T00:00:00' - - vendor: New Relic - product: New Relic Java Agent + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Prisma Cloud Compute cves: cve-2021-4104: investigated: false @@ -69098,9 +75118,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <7.4.3 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69114,14 +75133,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.newrelic.com/docs/release-notes/agent-release-notes/java-release-notes/java-agent-743/ - notes: Initially fixed in 7.4.2, but additional vulnerability found + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' references: - - '[New Relic tracking](https://github.com/newrelic/newrelic-java-agent/issues/605), - covers CVE-2021-44228, CVE-2021-45046' - last_updated: '2021-12-20T00:00:00' - - vendor: NextCloud - product: '' + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: SaaS Security cves: cve-2021-4104: investigated: false @@ -69144,13 +75162,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.nextcloud.com/t/apache-log4j-does-not-affect-nextcloud/129244 + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nextflow - product: Nextflow + - vendor: Palo-Alto Networks + product: User-ID Agent cves: cve-2021-4104: investigated: false @@ -69158,11 +75176,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 21.04.0.5552 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69174,13 +75191,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.nextflow.io/docs/latest/index.html + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Nexus Group - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: WildFire Appliance cves: cve-2021-4104: investigated: false @@ -69203,13 +75220,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://doc.nexusgroup.com/pages/viewpage.action?pageId=83133294 + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Nice Software (AWS) EnginFRAME - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: WildFire Cloud cves: cve-2021-4104: investigated: false @@ -69232,254 +75249,256 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.enginframe.com/ + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: NinjaRMM - product: '' + - vendor: Panasonic + product: KX-HDV100 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ninjarmm.zendesk.com/hc/en-us/articles/4416226194189-12-10-21-Security-Declaration-NinjaOne-not-affected-by-CVE-2021-44228-log4j- - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nomachine - product: '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV130 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.nomachine.com/topic/apache-log4j-notification + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: NoviFlow - product: '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV230 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://noviflow.com/noviflow-products-and-the-log4shell-exploit-cve-2021-44228/ + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nulab - product: Backlog + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV330 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - N/A (SaaS) - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nulab - product: Backlog Enterprise (On-premises) + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV340 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - < 1.11.7 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nulab - product: Cacoo + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV430 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - N/A (SaaS) - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nulab - product: Cacoo Enterprise (On-premises) + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV800 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - < 4.0.4 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nulab - product: Typetalk + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP500 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - N/A (SaaS) - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nutanix - product: AHV + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP550 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -69490,26 +75509,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: AOS + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP600 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -69518,117 +75537,118 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - LTS (including Prism Element) - - Community Edition + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: AOS + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP700 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - STS (including Prism Element) - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Patched in 6.0.2.4, available on the Portal for download. + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Beam + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UDS124 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: BeamGov + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT113 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Calm + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT123 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -69639,26 +75659,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Calm Tunnel VM + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT133 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -69669,26 +75689,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Collector + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT136 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -69699,81 +75719,83 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Collector Portal + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT248 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Data Lens + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT670 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Era + last_updated: '2022-01-20T00:00:00' + - vendor: Panopto + product: '' cves: cve-2021-4104: investigated: false @@ -69781,11 +75803,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69797,13 +75818,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://support.panopto.com/s/article/Panopto-Statement-on-the-Log4j2-Zero-Day-Vulnerability notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: File Analytics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PaperCut + product: PaperCut MF cves: cve-2021-4104: investigated: false @@ -69813,9 +75834,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2.1.x - - 2.2.x - - 3.0+ + - 21.0 and later fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69829,14 +75848,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigated in version 3.0.1 which is available on the Portal for download. - Mitigation is available [here](https://portal.nutanix.com/kb/12499) + - https://www.papercut.com/support/known-issues/?id=PO-684#ng + notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted + by this. Workaround manual steps available in reference. Upgrade to PaperCut + NG/MF version 21.2.3 Now Available to resolve. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Files + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut NG cves: cve-2021-4104: investigated: false @@ -69845,10 +75865,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 21.0 and later fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69860,13 +75880,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: '' + - https://www.papercut.com/support/known-issues/?id=PO-684#ng + notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted + by this. Workaround manual steps available in reference. Upgrade to PaperCut + NG/MF version 21.2.3 Now Available to resolve. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Flow + last_updated: '2021-12-16T00:00:00' + - vendor: Parallels + product: '' cves: cve-2021-4104: investigated: false @@ -69874,11 +75896,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69890,13 +75911,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://kb.parallels.com/en/128696 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Flow Security Cental + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Parse.ly + product: '' cves: cve-2021-4104: investigated: false @@ -69919,13 +75940,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://blog.parse.ly/parse-ly-log4shell/ + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Foundation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PBXMonitor + product: RMM for 3CX PBX cves: cve-2021-4104: investigated: false @@ -69933,11 +75954,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69949,13 +75969,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: '' + - https://www.pbxmonitor.net/changelog.php + notes: Mirror Servers were also checked to ensure Log4J was not installed or being + used by any of our systems. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Frame + last_updated: '2021-12-22T00:00:00' + - vendor: Pega + product: '' cves: cve-2021-4104: investigated: false @@ -69978,13 +75999,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: FrameGov + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pentaho + product: '' cves: cve-2021-4104: investigated: false @@ -70007,13 +76028,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho- + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: FSCVM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pepperl+Fuchs + product: '' cves: cve-2021-4104: investigated: false @@ -70021,11 +76042,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -70037,13 +76057,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://www.pepperl-fuchs.com/global/en/29079.htm notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Insights + last_updated: '2021-12-21T00:00:00' + - vendor: Percona + product: '' cves: cve-2021-4104: investigated: false @@ -70066,13 +76086,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://www.percona.com/blog/log4jshell-vulnerability-update/ + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Karbon + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: '' cves: cve-2021-4104: investigated: false @@ -70080,9 +76100,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -70096,13 +76115,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12483) + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Karbon Platform Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Phenix Id + product: '' cves: cve-2021-4104: investigated: false @@ -70125,13 +76144,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://support.phenixid.se/uncategorized/log4j-fix/ + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: LCM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Philips + product: Multiple products cves: cve-2021-4104: investigated: false @@ -70139,11 +76158,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -70155,13 +76173,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://www.philips.com/a-w/security/security-advisories.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Leap + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PHOENIX CONTACT + product: Cloud Services cves: cve-2021-4104: investigated: false @@ -70184,13 +76202,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + notes: Partly affected. Remediations are being implemented. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Mine + last_updated: '2021-12-22T00:00:00' + - vendor: PHOENIX CONTACT + product: Physical products containing firmware cves: cve-2021-4104: investigated: false @@ -70198,9 +76216,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -70214,13 +76231,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12484) + - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Move + last_updated: '2021-12-22T00:00:00' + - vendor: PHOENIX CONTACT + product: Software Products cves: cve-2021-4104: investigated: false @@ -70228,11 +76245,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -70244,13 +76260,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: MSP + last_updated: '2021-12-22T00:00:00' + - vendor: Ping Identity + product: PingAccess cves: cve-2021-4104: investigated: false @@ -70260,7 +76276,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - All + - 4.0 <= version <= 6.3.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -70274,13 +76290,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12482) + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: NCC + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingCentral cves: cve-2021-4104: investigated: false @@ -70288,11 +76304,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -70304,13 +76319,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: NGT + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate cves: cve-2021-4104: investigated: false @@ -70319,10 +76334,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 8.0 <= version <= 10.3.4 fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -70334,13 +76349,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Objects + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate Java Integration Kit cves: cve-2021-4104: investigated: false @@ -70350,7 +76365,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - All + - < 2.7.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -70364,13 +76379,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12482) + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Prism Central + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate OAuth Playground cves: cve-2021-4104: investigated: false @@ -70379,9 +76394,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - All + affected_versions: + - < 4.3.1 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -70394,13 +76409,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Patched in 2021-9.0.3, available on the Portal for download. + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Sizer + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingIntelligence cves: cve-2021-4104: investigated: false @@ -70423,13 +76438,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Volumes + last_updated: '2021-12-15T00:00:00' + - vendor: Pitney Bowes + product: '' cves: cve-2021-4104: investigated: false @@ -70437,11 +76452,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -70453,13 +76467,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://www.pitneybowes.com/us/support/apache-log4j-vulnerability.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Witness VM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Planmeca + product: '' cves: cve-2021-4104: investigated: false @@ -70467,9 +76481,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -70483,13 +76496,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12491) + - https://www.planmeca.com/apache-log4j-vulnerability-in-planmeca-products/ + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: X-Ray + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Planon Software + product: '' cves: cve-2021-4104: investigated: false @@ -70497,11 +76510,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -70513,12 +76525,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: '' + - https://my.planonsoftware.com/uk/news/log4j-impact-on-planon/ + notes: This advisory is available for customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nvidia + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Platform.SH product: '' cves: cve-2021-4104: @@ -70542,12 +76555,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nvidia.custhelp.com/app/answers/detail/a_id/5294 + - https://platform.sh/blog/2021/platformsh-protects-from-apache-log4j/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: NXLog + - vendor: Plesk product: '' cves: cve-2021-4104: @@ -70571,13 +76584,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nxlog.co/news/apache-log4j-vulnerability-cve-2021-44228 + - https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Objectif Lune - product: '' + - vendor: Plex + product: Plex Industrial IoT cves: cve-2021-4104: investigated: false @@ -70600,12 +76613,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://learn.objectiflune.com/blog/security/statement-on-log4j-vulnerability-cve-2021-4428/ - notes: '' + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: The product has been updated to Log4j version 2.15. An additional patch + is being developed to update to 2.16. No user interaction is required. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OCLC + last_updated: '2021-12-15T00:00:00' + - vendor: Polycom product: '' cves: cve-2021-4104: @@ -70629,12 +76643,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://oclc.service-now.com/status + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Octopus + - vendor: Portainer product: '' cves: cve-2021-4104: @@ -70658,13 +76672,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://advisories.octopus.com/adv/December.2306508680.html + - https://www.portainer.io/blog/portainer-statement-re-log4j-cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Okta - product: Advanced Server Access + - vendor: PortSwigger + product: '' cves: cve-2021-4104: investigated: false @@ -70687,13 +76701,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://forum.portswigger.net/thread/are-burp-collaborator-or-burp-enterprise-vulnerable-to-log4j-dc6524e0 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Access Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PostGreSQL + product: '' cves: cve-2021-4104: investigated: false @@ -70716,13 +76730,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://www.postgresql.org/about/news/postgresql-jdbc-and-the-log4j-cve-2371/ notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta AD Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Postman + product: '' cves: cve-2021-4104: investigated: false @@ -70745,13 +76759,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://support.postman.com/hc/en-us/articles/4415791933335-Is-Postman-impacted-by-the-Log4j-vulnerability-CVE-2021-44228- notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Browser Plugin + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Power Admin LLC + product: PA File Sight cves: cve-2021-4104: investigated: false @@ -70759,10 +76773,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - NONE cve-2021-45046: investigated: false affected_versions: [] @@ -70773,14 +76788,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta IWA Web Agent + last_updated: '2021-12-17T00:00:00' + - vendor: Power Admin LLC + product: PA Server Monitor cves: cve-2021-4104: investigated: false @@ -70788,10 +76802,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - NONE cve-2021-45046: investigated: false affected_versions: [] @@ -70802,14 +76817,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta LDAP Agent + last_updated: '2021-12-17T00:00:00' + - vendor: Power Admin LLC + product: PA Storage Monitor cves: cve-2021-4104: investigated: false @@ -70817,10 +76831,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - NONE cve-2021-45046: investigated: false affected_versions: [] @@ -70831,14 +76846,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Mobile + last_updated: '2021-12-17T00:00:00' + - vendor: Pretix + product: '' cves: cve-2021-4104: investigated: false @@ -70861,13 +76875,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://pretix.eu/about/de/blog/20211213-log4j/ notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta On-Prem MFA Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PrimeKey + product: '' cves: cve-2021-4104: investigated: false @@ -70875,9 +76889,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 1.4.6 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -70891,13 +76904,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://trust.okta.com/security-advisories/okta-on-prem-mfa-agent-cve-2021-44228 + - https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta RADIUS Server Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Progress / IpSwitch + product: '' cves: cve-2021-4104: investigated: false @@ -70905,9 +76918,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 2.17.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -70921,13 +76933,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228 + - https://www.progress.com/security notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Verify + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ProofPoint + product: '' cves: cve-2021-4104: investigated: false @@ -70950,13 +76962,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell - notes: '' + - https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2 + notes: This advisory is available for customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Workflows + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ProSeS + product: '' cves: cve-2021-4104: investigated: false @@ -70979,12 +76992,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://www.proses.de/en/2021/12/16/log4shell-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Onespan + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Prosys product: '' cves: cve-2021-4104: @@ -71008,12 +77021,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.onespan.com/remote-code-execution-vulnerability-in-log4j2-cve-2018-11776 + - https://prosysopc.com/news/important-security-release/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Opengear + - vendor: Proxmox product: '' cves: cve-2021-4104: @@ -71037,12 +77050,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://opengear.zendesk.com/hc/en-us/articles/4412713339419-CVE-2021-44228-aka-Log4Shell-Opengear-products-are-not-affected + - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OpenMRS TALK + - vendor: PRTG Paessler product: '' cves: cve-2021-4104: @@ -71066,13 +77079,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341 + - https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OpenNMS - product: '' + - vendor: PTC + product: Axeda Platform cves: cve-2021-4104: investigated: false @@ -71080,8 +77093,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 6.9.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71095,13 +77109,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/ + - https://www.ptc.com/en/support/article/CS358990 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OpenSearch - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingsWorx Analytics cves: cve-2021-4104: investigated: false @@ -71109,8 +77123,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '8.5' + - '9.0' + - '9.1' + - '9.2' + - All supported versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71124,13 +77143,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950 + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OpenText - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingsWorx Platform cves: cve-2021-4104: investigated: false @@ -71138,8 +77157,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '8.5' + - '9.0' + - '9.1' + - '9.2' + - All supported versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71153,13 +77177,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.opentext.com/support/log4j-remote-code-execution-advisory + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: Opto 22 - product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP + last_updated: '2021-12-17T00:00:00' + - vendor: PTV Group + product: '' cves: cve-2021-4104: investigated: false @@ -71167,43 +77191,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 4.3g - fixed_versions: - - 4.3g - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit - notes: The Log4j vulnerability affects all products running groov View software - references: - - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Opto 22 - product: GROOV-AT1, GROOV-AT1-SNAP - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - < 4.3g - fixed_versions: - - 4.3g - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -71215,13 +77206,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit - notes: The Log4j vulnerability affects all products running groov View software + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' references: - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Opto 22 - product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Connect Secure (ICS) cves: cve-2021-4104: investigated: false @@ -71229,43 +77220,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 4.3g - fixed_versions: - - 4.3g - unaffected_versions: [] - cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit - notes: The Log4j vulnerability affects all products running groov View software - references: - - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Opto 22 - product: GRV-EPIC-PR1, GRV-EPIC-PR2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - < 3.3.2 - fixed_versions: - - 3.3.2 - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -71277,13 +77235,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit - notes: The Log4j vulnerability affects all products running groov View software + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' references: - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Oracle - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for secure Access cves: cve-2021-4104: investigated: false @@ -71306,14 +77264,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html - notes: The support document is available to customers only and has not been reviewed - by CISA + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Oracle - product: Enterprise Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for secure Access cves: cve-2021-4104: investigated: false @@ -71321,44 +77278,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '13.5' - - 13.4 & 13.3.2 - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html - notes: Patch status and other security guidance is restricted to Oracle account/support - members. The support document is available to customers only and has not been - reviewed by CISA. - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Oracle - product: Exadata - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - <21.3.4 - fixed_versions: [] - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -71370,15 +77293,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html - notes: Patch status and other security guidance is restricted to Oracle account/support - members. The support document is available to customers only and has not been - reviewed by CISA. + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Orgavision - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for ZTA cves: cve-2021-4104: investigated: false @@ -71401,13 +77322,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.orgavision.com/neuigkeiten/sicherheitsluecke-java-library-log4j + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Osirium - product: PAM + - vendor: Pulse Secure + product: Ivanti Neurons for ZTA cves: cve-2021-4104: investigated: false @@ -71430,13 +77351,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.osirium.com/blog/apache-log4j-vulnerability + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Osirium - product: PEM + - vendor: Pulse Secure + product: Pulse Connect Secure cves: cve-2021-4104: investigated: false @@ -71459,13 +77380,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.osirium.com/blog/apache-log4j-vulnerability + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Osirium - product: PPA + - vendor: Pulse Secure + product: Pulse Desktop Client cves: cve-2021-4104: investigated: false @@ -71488,13 +77409,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.osirium.com/blog/apache-log4j-vulnerability + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OTRS - product: '' + - vendor: Pulse Secure + product: Pulse Mobile Client cves: cve-2021-4104: investigated: false @@ -71517,13 +77438,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.otrs.com/external + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OVHCloud - product: '' + - vendor: Pulse Secure + product: Pulse One cves: cve-2021-4104: investigated: false @@ -71546,13 +77467,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.ovhcloud.com/log4shell-how-to-protect-my-cloud-workloads/ + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OwnCloud - product: '' + - vendor: Pulse Secure + product: Pulse Policy Secure cves: cve-2021-4104: investigated: false @@ -71575,13 +77496,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://central.owncloud.org/t/owncloud-not-directly-affected-by-log4j-vulnerability/35493 + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OxygenXML - product: Author + - vendor: Pulse Secure + product: Pulse Secure Services Director cves: cve-2021-4104: investigated: false @@ -71603,13 +77524,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Developer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Secure Virtual Traffic Manager cves: cve-2021-4104: investigated: false @@ -71631,13 +77553,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Editor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Secure Web Application Firewall cves: cve-2021-4104: investigated: false @@ -71659,13 +77582,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen Content Fusion + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse ZTA cves: cve-2021-4104: investigated: false @@ -71673,11 +77597,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '2.0' - - '3.0' - - '4.1' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71690,13 +77611,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen Feedback Enterprise + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Puppet + product: '' cves: cve-2021-4104: investigated: false @@ -71704,9 +77626,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 1.4.4 & older + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71719,13 +77640,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen License Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pure Storage + product: '' cves: cve-2021-4104: investigated: false @@ -71733,9 +77655,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - v22.1 to v24.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71748,13 +77669,15 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22) + notes: This advisory is available for customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen PDF Chemistry + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pure Storage + product: Cloud Blockstore cves: cve-2021-4104: investigated: false @@ -71764,10 +77687,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - v22.1 - - '23.0' - - '23.1' - - '24.0' + - CBS6.1.x + - CBS6.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71780,13 +77701,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: Patch expected 12/27/2021 references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen SDK + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: Flash Array cves: cve-2021-4104: investigated: false @@ -71794,8 +77716,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 5.3.x + - 6.0.x + - 6.1.x + - 6.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71808,13 +77734,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: Patch expected 12/20/2021 references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Plugins (see advisory link) + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: FlashBlade cves: cve-2021-4104: investigated: false @@ -71822,8 +77749,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.1.x + - 3.2.x + - 3.3.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71836,13 +77766,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: Patch expected 12/24/2021 references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Publishing Engine + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: PortWorx cves: cve-2021-4104: investigated: false @@ -71850,8 +77781,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.8.0+ fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71864,13 +77796,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Web Author + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: Pure1 cves: cve-2021-4104: investigated: false @@ -71878,9 +77811,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - N/A unaffected_versions: [] cve-2021-45046: investigated: false @@ -71892,13 +77826,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: WebHelp + last_updated: '2021-12-15T00:00:00' + - vendor: Pyramid Analytics + product: '' cves: cve-2021-4104: investigated: false @@ -71920,13 +77855,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: PagerDuty - product: PagerDuty SaaS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Qconference + product: FaceTalk cves: cve-2021-4104: investigated: false @@ -71934,9 +77870,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -71949,16 +77886,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability - notes: We currently see no evidence of compromises on our platform. Our teams - continue to monitor for new developments and for impacts on sub-processors and - dependent systems. PagerDuty SaaS customers do not need to take any additional - action for their PagerDuty SaaS environment + - https://qconferencing.com/status-vulnerability-log4j-en-qconferencing/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Palantir - product: Palantir AI Inference Platform (AIP) + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: QF-Test + product: All cves: cve-2021-4104: investigated: false @@ -71966,10 +77900,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -71982,14 +77915,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.palantir.com/security-advisories/log4j-vulnerability/ - notes: Fully remediated as of 1.97.0. Disconnected customer instances may require - manual updates. + - https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Palantir - product: Palantir Apollo + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Qlik + product: AIS, including ARC cves: cve-2021-4104: investigated: false @@ -72013,13 +77945,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.palantir.com/security-advisories/log4j-vulnerability/ - notes: No impact, and updates have been deployed for full remediation. + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Palantir - product: Palantir Foundry + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Attunity Visibility cves: cve-2021-4104: investigated: false @@ -72029,9 +77961,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - All - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -72043,15 +77975,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.palantir.com/security-advisories/log4j-vulnerability/ - notes: No impact to Palantir-hosted or Apollo-connected instances, and updates - have been deployed for full remediation. Disconnected customer instances may - require manual updates. + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Palantir - product: Palantir Gotham + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: AutoML cves: cve-2021-4104: investigated: false @@ -72061,9 +77991,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - All - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -72075,15 +78005,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.palantir.com/security-advisories/log4j-vulnerability/ - notes: No impact to Palantir-hosted or Apollo-connected instances, and updates - have been deployed for full remediation. Disconnected customer instances may - require manual updates. + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Palo-Alto Networks - product: Bridgecrew + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Blendr cves: cve-2021-4104: investigated: false @@ -72091,10 +78019,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -72106,13 +78035,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: CloudGenix + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DL cves: cve-2021-4104: investigated: false @@ -72120,9 +78049,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '6.6' unaffected_versions: [] cve-2021-45046: investigated: false @@ -72135,13 +78065,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Cortex Data Lake + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DW cves: cve-2021-4104: investigated: false @@ -72149,9 +78079,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '6.6' + - 6.6.1 + - '7.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -72164,13 +78097,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Cortex XDR Agent + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Catalog cves: cve-2021-4104: investigated: false @@ -72178,9 +78111,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.10.0 + - 4.10.1 + - 4.10.2 + - 4.11.0 + - 4.11.1 + - 4.12.0 + - 4.12.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -72193,13 +78133,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Cortex Xpanse + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose cves: cve-2021-4104: investigated: false @@ -72207,9 +78147,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '2021.2' + - '2021.5' + - '2021.8' unaffected_versions: [] cve-2021-45046: investigated: false @@ -72222,13 +78165,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Cortex XSOAR + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Lakes cves: cve-2021-4104: investigated: false @@ -72236,10 +78179,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '6.6' cve-2021-45046: investigated: false affected_versions: [] @@ -72251,13 +78195,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869987 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Expedition + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Wharehouses cves: cve-2021-4104: investigated: false @@ -72265,10 +78209,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '6.6' + - 6.6.1 + - '7.0' cve-2021-45046: investigated: false affected_versions: [] @@ -72280,13 +78227,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869990 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: GlobalProtect App + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Plus cves: cve-2021-4104: investigated: false @@ -72294,9 +78241,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 5.26.5 + - 5.27.5 - 5.28.2 + - 5.29.4 - 5.30.1 + - 5.31.1 + - 5.31.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -72309,13 +78261,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: IoT Security + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Server cves: cve-2021-4104: investigated: false @@ -72323,9 +78275,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.19.1 - 4.27.3 + - 4.23.4 + - 4.32.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -72338,13 +78293,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Okyo Grade + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nodegraph cves: cve-2021-4104: investigated: false @@ -72352,10 +78307,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -72367,13 +78323,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Palo-Alto Networks-OS for Firewall and Wildfire + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nprinting cves: cve-2021-4104: investigated: false @@ -72381,10 +78337,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -72396,13 +78353,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Palo-Alto Networks-OS for Panorama + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: ODBC Connector Package cves: cve-2021-4104: investigated: false @@ -72411,12 +78368,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '9.0' - - '9.1' - - '10.0' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -72428,15 +78383,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - - Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will - be updated when hot fixes for the affected Panorama versions are available. - PAN-OS for Panorama versions 8.1, 10.1 are not affected. - last_updated: '2021-12-15T00:00:00' - - vendor: Palo-Alto Networks - product: Prisma Access + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: QEM cves: cve-2021-4104: investigated: false @@ -72444,9 +78397,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' unaffected_versions: [] cve-2021-45046: investigated: false @@ -72459,13 +78416,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Prisma Cloud + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Alerting cves: cve-2021-4104: investigated: false @@ -72473,10 +78430,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -72488,13 +78446,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Prisma Cloud Compute + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Catalog cves: cve-2021-4104: investigated: false @@ -72502,10 +78460,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - May 2021 release and after cve-2021-45046: investigated: false affected_versions: [] @@ -72517,13 +78476,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: SaaS Security + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Data Transfer cves: cve-2021-4104: investigated: false @@ -72531,10 +78490,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -72546,13 +78506,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: User-ID Agent + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Enterprise Manager cves: cve-2021-4104: investigated: false @@ -72560,9 +78520,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' unaffected_versions: [] cve-2021-45046: investigated: false @@ -72575,13 +78539,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869994 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: WildFire Appliance + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Forts cves: cve-2021-4104: investigated: false @@ -72589,10 +78553,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -72604,13 +78569,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: WildFire Cloud + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik RepliWeb and ARC cves: cve-2021-4104: investigated: false @@ -72618,10 +78583,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -72633,16 +78599,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Panasonic - product: KX-HDV100 + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Business cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -72651,28 +78617,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-HDV130 + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -72683,26 +78649,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-HDV230 + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise SaaS cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -72711,28 +78677,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-HDV330 + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik View cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -72743,26 +78709,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-HDV340 + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Web Connectors cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -72773,56 +78739,59 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-HDV430 + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Replicate cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-HDV800 + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: REST Connectors cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -72833,26 +78802,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-TGP500 + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Salesforce and SAP Connectors cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -72863,116 +78832,116 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html - notes: '' + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: Connectos are not affected. references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-TGP550 + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: QMATIC + product: Appointment Booking cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - 2.4+ + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html - notes: '' + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + notes: Update to v. 2.8.2 which contains log4j 2.16 references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-TGP600 + last_updated: '2021-12-21T00:00:00' + - vendor: QMATIC + product: Appointment Booking cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - Cloud/Managed Service + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html - notes: '' + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + notes: log4j 2.16 applied 2021-12-15 references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-TGP700 + last_updated: '2021-12-21T00:00:00' + - vendor: QMATIC + product: Insights cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html - notes: '' + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + notes: log4j 2.16 applied 2021-12-16 references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-UDS124 + last_updated: '2021-12-21T00:00:00' + - vendor: QMATIC + product: Orchestra Central cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -72981,28 +78950,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 6.0+ cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-UT113 + last_updated: '2021-12-21T00:00:00' + - vendor: QNAP + product: QES Operating System cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -73011,28 +78980,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-UT123 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: Qsirch cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -73041,28 +79010,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-UT133 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: QTS Operating System cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -73071,28 +79040,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-UT136 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: QuTS Hero Operating System cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -73101,85 +79070,83 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-UT248 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QOPPA + product: All cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-UT670 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QOS.ch + product: SLF4J Simple Logging Facade for Java cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://www.slf4j.org/log4shell.html notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panopto - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QSC Q-SYS + product: All cves: cve-2021-4104: investigated: false @@ -73202,13 +79169,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.panopto.com/s/article/Panopto-Statement-on-the-Log4j2-Zero-Day-Vulnerability + - https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PaperCut - product: PaperCut MF + - vendor: QT + product: All cves: cve-2021-4104: investigated: false @@ -73216,9 +79183,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 21.0 and later + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73232,15 +79198,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.papercut.com/support/known-issues/?id=PO-684#ng - notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted - by this. Workaround manual steps available in reference. Upgrade to PaperCut - NG/MF version 21.2.3 Now Available to resolve. + - https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: PaperCut - product: PaperCut NG + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Foglight cves: cve-2021-4104: investigated: false @@ -73248,11 +79212,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 21.0 and later + investigated: false + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '5.9' cve-2021-45046: investigated: false affected_versions: [] @@ -73264,15 +79228,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.papercut.com/support/known-issues/?id=PO-684#ng - notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted - by this. Workaround manual steps available in reference. Upgrade to PaperCut - NG/MF version 21.2.3 Now Available to resolve. + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Parallels - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Foglight cves: cve-2021-4104: investigated: false @@ -73280,9 +79242,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '6.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -73295,13 +79258,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.parallels.com/en/128696 + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Parse.ly - product: '' + - vendor: Quest + product: Quest KACE SMA cves: cve-2021-4104: investigated: false @@ -73309,10 +79272,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -73324,13 +79288,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.parse.ly/parse-ly-log4shell/ + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PBXMonitor - product: RMM for 3CX PBX + - vendor: R + product: R cves: cve-2021-4104: investigated: false @@ -73338,10 +79302,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 4.1.1 cve-2021-45046: investigated: false affected_versions: [] @@ -73353,13 +79318,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.pbxmonitor.net/changelog.php - notes: Mirror Servers were also checked to ensure Log4J was not installed or being - used by any of our systems. + - https://www.r-project.org/ + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Pega + last_updated: '2021-12-21T00:00:00' + - vendor: R2ediviewer product: '' cves: cve-2021-4104: @@ -73383,12 +79347,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability + - https://r2ediviewer.de/DE/reload.html?Change-log_17858584.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pentaho + - vendor: Radware product: '' cves: cve-2021-4104: @@ -73412,13 +79376,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho- + - https://support.radware.com/app/answers/answer_view/a_id/1029752 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pepperl+Fuchs - product: '' + - vendor: Rapid7 + product: AlcidekArt, kAdvisor, and kAudit cves: cve-2021-4104: investigated: false @@ -73426,10 +79390,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -73441,13 +79406,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.pepperl-fuchs.com/global/en/29079.htm + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Percona - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: AppSpider Enterprise cves: cve-2021-4104: investigated: false @@ -73455,10 +79420,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -73470,13 +79436,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.percona.com/blog/log4jshell-vulnerability-update/ + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pexip - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: AppSpider Pro cves: cve-2021-4104: investigated: false @@ -73484,10 +79450,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -73499,13 +79466,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Phenix Id - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Insight Agent cves: cve-2021-4104: investigated: false @@ -73513,10 +79480,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -73528,13 +79496,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.phenixid.se/uncategorized/log4j-fix/ + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Philips - product: Multiple products + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightAppSec Scan Engine cves: cve-2021-4104: investigated: false @@ -73542,10 +79510,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -73557,13 +79526,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.philips.com/a-w/security/security-advisories.html + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PHOENIX CONTACT - product: Cloud Services + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightAppSec Scan Engine cves: cve-2021-4104: investigated: false @@ -73571,10 +79540,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -73586,13 +79556,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf - notes: Partly affected. Remediations are being implemented. + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: PHOENIX CONTACT - product: Physical products containing firmware + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightCloudSec/DivvyCloud cves: cve-2021-4104: investigated: false @@ -73600,10 +79570,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -73615,13 +79586,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: PHOENIX CONTACT - product: Software Products + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightConnect Orchestrator cves: cve-2021-4104: investigated: false @@ -73629,10 +79600,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -73644,13 +79616,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Ping Identity - product: PingAccess + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightIDR Network Sensor cves: cve-2021-4104: investigated: false @@ -73659,10 +79631,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.0 <= version <= 6.3.2 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -73674,13 +79646,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Ping Identity - product: PingCentral + - vendor: Rapid7 + product: InsightIDR/InsightOps Collector & Event Sources cves: cve-2021-4104: investigated: false @@ -73688,10 +79660,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -73703,13 +79676,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Ping Identity - product: PingFederate + - vendor: Rapid7 + product: InsightOps DataHub cves: cve-2021-4104: investigated: false @@ -73719,7 +79692,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 8.0 <= version <= 10.3.4 + - InsightOps DataHub <= 2.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73733,13 +79706,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 - notes: '' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Upgrade [DataHub to version 2.0.1](https://rep.logentries.com/datahub/DataHub_2.0.1.deb) + using the [following instructions](https://docs.rapid7.com/insightops/setting-up-datahub/). references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Ping Identity - product: PingFederate Java Integration Kit + - vendor: Rapid7 + product: InsightOps non-Java logging libraries cves: cve-2021-4104: investigated: false @@ -73748,10 +79722,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 2.7.2 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -73763,13 +79737,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Ping Identity - product: PingFederate OAuth Playground + - vendor: Rapid7 + product: InsightOps r7insight_java logging library cves: cve-2021-4104: investigated: false @@ -73779,7 +79753,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 4.3.1 + - <=3.0.8 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73793,13 +79767,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 - notes: '' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Upgrade [r7insight_java](https://github.com/rapid7/r7insight_java) to 3.0.9 references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Ping Identity - product: PingIntelligence + - vendor: Rapid7 + product: InsightVM Kubernetes Monitor cves: cve-2021-4104: investigated: false @@ -73807,10 +79781,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -73822,13 +79797,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Pitney Bowes - product: '' + - vendor: Rapid7 + product: InsightVM/Nexpose cves: cve-2021-4104: investigated: false @@ -73836,10 +79811,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -73851,13 +79827,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.pitneybowes.com/us/support/apache-log4j-vulnerability.html + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Planmeca - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose Console cves: cve-2021-4104: investigated: false @@ -73865,10 +79841,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -73880,13 +79857,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.planmeca.com/apache-log4j-vulnerability-in-planmeca-products/ - notes: '' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” + packaged in them. This is a different library than log4j-core and is not vulnerable + to Log4Shell. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Planon Software - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose Engine cves: cve-2021-4104: investigated: false @@ -73894,10 +79873,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -73909,14 +79889,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.planonsoftware.com/uk/news/log4j-impact-on-planon/ - notes: This advisory is available for customers only and has not been reviewed - by CISA + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” + packaged in them. This is a different library than log4j-core and is not vulnerable + to Log4Shell. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Platform.SH - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: IntSights virtual appliance cves: cve-2021-4104: investigated: false @@ -73924,10 +79905,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -73939,13 +79921,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://platform.sh/blog/2021/platformsh-protects-from-apache-log4j/ + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Plesk - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Logentries DataHub cves: cve-2021-4104: investigated: false @@ -73953,8 +79935,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Linux version <= 1.2.0.820; Windows version <= 1.2.0.820 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73968,13 +79951,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache - notes: '' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: 'Linux: Install DataHub_1.2.0.822.deb using the following [instructions](https://docs.logentries.com/docs/datahub-linux). + Windows: Run version 1.2.0.822 in a Docker container or as a Java command per + these [instructions](https://docs.logentries.com/docs/datahub-windows). You + can find more details [here](https://docs.logentries.com/docs/datahub-linux).' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Plex - product: Plex Industrial IoT + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Logentries le_java logging library cves: cve-2021-4104: investigated: false @@ -73982,8 +79968,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'All versions: this is a deprecated component' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73997,14 +79984,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: The product has been updated to Log4j version 2.15. An additional patch - is being developed to update to 2.16. No user interaction is required. + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Migrate to version 3.0.9 of [r7insight_java](https://github.com/rapid7/r7insight_java) references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Polycom - product: '' + - vendor: Rapid7 + product: Metasploit Framework cves: cve-2021-4104: investigated: false @@ -74012,10 +79998,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -74027,13 +80014,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Portainer - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Metasploit Pro cves: cve-2021-4104: investigated: false @@ -74041,10 +80028,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -74056,13 +80044,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.portainer.io/blog/portainer-statement-re-log4j-cve-2021-44228 - notes: '' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Metasploit Pro ships with log4j but has specific configurations applied + to it that mitigate Log4Shell. A future update will contain a fully patched + version of log4j. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PortSwigger - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: tCell Java Agent cves: cve-2021-4104: investigated: false @@ -74070,10 +80060,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -74085,13 +80076,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.portswigger.net/thread/are-burp-collaborator-or-burp-enterprise-vulnerable-to-log4j-dc6524e0 + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PostGreSQL - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Velociraptor cves: cve-2021-4104: investigated: false @@ -74099,10 +80090,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -74114,12 +80106,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.postgresql.org/about/news/postgresql-jdbc-and-the-log4j-cve-2371/ + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Postman + last_updated: '2021-12-15T00:00:00' + - vendor: Raritan product: '' cves: cve-2021-4104: @@ -74143,13 +80135,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.postman.com/hc/en-us/articles/4415791933335-Is-Postman-impacted-by-the-Log4j-vulnerability-CVE-2021-44228- + - https://www.raritan.com/support notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Power Admin LLC - product: PA File Sight + - vendor: Ravelin + product: '' cves: cve-2021-4104: investigated: false @@ -74157,11 +80149,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - NONE + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -74172,13 +80163,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://syslog.ravelin.com/log4shell-cve-2021-44228-4338bb8da67b notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Power Admin LLC - product: PA Server Monitor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Real-Time Innovations (RTI) + product: Distributed Logger cves: cve-2021-4104: investigated: false @@ -74186,11 +80178,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - NONE + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -74201,13 +80192,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Power Admin LLC - product: PA Storage Monitor + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: Recording Console cves: cve-2021-4104: investigated: false @@ -74215,11 +80207,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - NONE + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -74230,13 +80221,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Pretix - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Administration Console cves: cve-2021-4104: investigated: false @@ -74259,13 +80251,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pretix.eu/about/de/blog/20211213-log4j/ + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PrimeKey - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Code Generator cves: cve-2021-4104: investigated: false @@ -74288,13 +80280,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228 + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Progress / IpSwitch - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Code Generator Server cves: cve-2021-4104: investigated: false @@ -74317,13 +80309,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.progress.com/security + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ProofPoint - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Micro Application Generator (MAG) cves: cve-2021-4104: investigated: false @@ -74331,10 +80323,44 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - as part of RTI Connext Micro 3.0.0 + - 3.0.1 + - 3.0.2 + - 3.0.3 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Micro Application Generator (MAG) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - as part of RTI Connext Professional 6.0.0 and 6.0.1 + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -74346,14 +80372,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2 - notes: This advisory is available for customers only and has not been reviewed - by CISA + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ProSeS - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Monitor cves: cve-2021-4104: investigated: false @@ -74376,13 +80401,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.proses.de/en/2021/12/16/log4shell-cve-2021-44228/ + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Prosys - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Red Hat + product: log4j-core cves: cve-2021-4104: investigated: false @@ -74405,13 +80430,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://prosysopc.com/news/important-security-release/ + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Proxmox - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Integration Camel K cves: cve-2021-4104: investigated: false @@ -74434,13 +80459,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5130](https://access.redhat.com/errata/RHSA-2021:5130)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PRTG Paessler - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat build of Quarkus cves: cve-2021-4104: investigated: false @@ -74463,13 +80488,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PTC - product: Axeda Platform + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat CodeReady Studio cves: cve-2021-4104: investigated: false @@ -74478,9 +80503,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.9.2 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 12.21.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -74493,13 +80518,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ptc.com/en/support/article/CS358990 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[CRS 12.21.1 Patch](https://developers.redhat.com/products/codeready-studio/download?source=sso)' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: PTC - product: ThingsWorx Analytics + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Data Grid cves: cve-2021-4104: investigated: false @@ -74508,13 +80533,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '8.5' - - '9.0' - - '9.1' - - '9.2' - - All supported versions - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '8' unaffected_versions: [] cve-2021-45046: investigated: false @@ -74527,13 +80548,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ptc.com/en/support/article/CS358901 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5132](http://access.redhat.com/errata/RHSA-2021:5132)' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: PTC - product: ThingsWorx Platform + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Decision Manager cves: cve-2021-4104: investigated: false @@ -74542,14 +80563,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '8.5' - - '9.0' - - '9.1' - - '9.2' - - All supported versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '7' cve-2021-45046: investigated: false affected_versions: [] @@ -74561,13 +80578,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ptc.com/en/support/article/CS358901 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: PTV Group - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux cves: cve-2021-4104: investigated: false @@ -74575,10 +80592,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '6' cve-2021-45046: investigated: false affected_versions: [] @@ -74590,13 +80608,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Ivanti Connect Secure (ICS) + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux cves: cve-2021-4104: investigated: false @@ -74604,10 +80622,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '7' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '8' cve-2021-45046: investigated: false affected_versions: [] @@ -74619,13 +80668,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Ivanti Neurons for secure Access + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Integration Camel Quarkus cves: cve-2021-4104: investigated: false @@ -74648,13 +80697,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5126](https://access.redhat.com/errata/RHSA-2021:5126)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Ivanti Neurons for secure Access + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss A-MQ Streaming cves: cve-2021-4104: investigated: false @@ -74677,13 +80726,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5138](https://access.redhat.com/errata/RHSA-2021:5138)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Ivanti Neurons for ZTA + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Enterprise Application Platform cves: cve-2021-4104: investigated: false @@ -74691,9 +80740,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '7' unaffected_versions: [] cve-2021-45046: investigated: false @@ -74706,13 +80756,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.4)\ + \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ + \ affected." references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Ivanti Neurons for ZTA + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Enterprise Application Platform Expansion Pack cves: cve-2021-4104: investigated: false @@ -74720,10 +80772,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '7' cve-2021-45046: investigated: false affected_versions: [] @@ -74735,13 +80788,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse Connect Secure + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Fuse cves: cve-2021-4104: investigated: false @@ -74749,9 +80802,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '7' unaffected_versions: [] cve-2021-45046: investigated: false @@ -74764,13 +80818,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5134](https://access.redhat.com/errata/RHSA-2021:5134)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse Desktop Client + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Process Automation cves: cve-2021-4104: investigated: false @@ -74778,9 +80832,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '7' unaffected_versions: [] cve-2021-45046: investigated: false @@ -74793,13 +80848,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=103671&product=rhpam&version=7.11.1&downloadType=patches)\ + \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ + \ affected." references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse Mobile Client + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Single Sign-On cves: cve-2021-4104: investigated: false @@ -74807,10 +80864,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '7' cve-2021-45046: investigated: false affected_versions: [] @@ -74822,13 +80880,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse One + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Vert.X cves: cve-2021-4104: investigated: false @@ -74836,9 +80894,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '4' unaffected_versions: [] cve-2021-45046: investigated: false @@ -74851,13 +80910,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5093](https://access.redhat.com/errata/RHSA-2021:5093)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse Policy Secure + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Satellite 5 cves: cve-2021-4104: investigated: false @@ -74880,13 +80939,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse Secure Services Director + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Spacewalk cves: cve-2021-4104: investigated: false @@ -74909,13 +80968,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse Secure Virtual Traffic Manager + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 3.11 + product: openshift3/ose-logging-elasticsearch5 cves: cve-2021-4104: investigated: false @@ -74938,13 +80997,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5094](http://access.redhat.com/errata/RHSA-2021:5094)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse Secure Web Application Firewall + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-logging-elasticsearch6 cves: cve-2021-4104: investigated: false @@ -74967,13 +81026,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse ZTA + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-metering-hive cves: cve-2021-4104: investigated: false @@ -74996,13 +81056,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Puppet - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-metering-presto cves: cve-2021-4104: investigated: false @@ -75025,13 +81086,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pure Storage - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Logging + product: logging-elasticsearch6-container cves: cve-2021-4104: investigated: false @@ -75054,14 +81116,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22) - notes: This advisory is available for customers only and has not been reviewed - by CISA + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pure Storage - product: Cloud Blockstore + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenStack Platform 13 (Queens) + product: opendaylight cves: cve-2021-4104: investigated: false @@ -75069,45 +81131,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - CBS6.1.x - - CBS6.2.x - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: Patch expected 12/27/2021 - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Pure Storage - product: Flash Array - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 5.3.x - - 6.0.x - - 6.1.x - - 6.2.x - fixed_versions: [] - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -75119,13 +81146,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: Patch expected 12/20/2021 + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: End of Life references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Pure Storage - product: FlashBlade + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-java-common-log4j cves: cve-2021-4104: investigated: false @@ -75133,11 +81160,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 3.1.x - - 3.2.x - - 3.3.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -75151,13 +81175,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: Patch expected 12/24/2021 + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Pure Storage - product: PortWorx + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-maven35-log4j12 cves: cve-2021-4104: investigated: false @@ -75165,9 +81189,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 2.8.0+ + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -75181,13 +81204,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Pure Storage - product: Pure1 + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-maven36-log4j12 cves: cve-2021-4104: investigated: false @@ -75195,10 +81218,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - N/A + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -75211,12 +81233,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Pyramid Analytics + last_updated: '2021-12-21T00:00:00' + - vendor: Red5Pro product: '' cves: cve-2021-4104: @@ -75240,13 +81262,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid + - https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Qconference - product: FaceTalk + - vendor: RedGate + product: '' cves: cve-2021-4104: investigated: false @@ -75254,10 +81276,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -75270,13 +81291,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://qconferencing.com/status-vulnerability-log4j-en-qconferencing/ + - https://www.red-gate.com/privacy-and-security/vulnerabilities/2021-12-15-log4j-statement notes: '' references: - '' - last_updated: '2021-12-16T07:18:50+00:00' - - vendor: QF-Test - product: All + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Redis + product: '' cves: cve-2021-4104: investigated: false @@ -75299,13 +81320,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html + - https://redis.com/security/notice-apache-log4j2-cve-2021-44228/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Qlik - product: AIS, including ARC + - vendor: Reiner SCT + product: '' cves: cve-2021-4104: investigated: false @@ -75313,11 +81334,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -75329,13 +81349,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + - https://forum.reiner-sct.com/index.php?/topic/5973-timecard-und-log4j-schwachstelle/&do=findComment&comment=14933 notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: Attunity Visibility + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ReportURI + product: '' cves: cve-2021-4104: investigated: false @@ -75343,11 +81363,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -75359,13 +81378,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + - https://scotthelme.co.uk/responding-to-the-log4j-2-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: AutoML + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ResMed + product: AirView cves: cve-2021-4104: investigated: false @@ -75373,11 +81392,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -75389,13 +81407,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + - https://www.resmed.com/en-us/security/ notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: Blendr + last_updated: '2021-12-21T00:00:00' + - vendor: ResMed + product: myAir cves: cve-2021-4104: investigated: false @@ -75403,11 +81421,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -75419,13 +81436,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + - https://www.resmed.com/en-us/security/ notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: C4DL + last_updated: '2021-12-21T00:00:00' + - vendor: Respondus + product: '' cves: cve-2021-4104: investigated: false @@ -75433,10 +81450,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '6.6' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -75449,13 +81465,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 - notes: '' + - https://support.respondus.com/support/index.php?/News/NewsItem/View/339 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: C4DW + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Revenera / Flexera + product: '' cves: cve-2021-4104: investigated: false @@ -75463,12 +81480,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '6.6' - - 6.6.1 - - '7.0' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -75481,13 +81495,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + - https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905 notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: Catalog + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ricoh + product: '' cves: cve-2021-4104: investigated: false @@ -75495,16 +81509,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 4.10.0 - - 4.10.1 - - 4.10.2 - - 4.11.0 - - 4.11.1 - - 4.12.0 - - 4.12.1 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -75517,13 +81524,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + - https://www.ricoh.com/info/2021/1215_1/ notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: Compose + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RingCentral + product: '' cves: cve-2021-4104: investigated: false @@ -75531,12 +81538,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '2021.2' - - '2021.5' - - '2021.8' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -75549,13 +81553,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + - https://www.ringcentral.com/trust-center/security-bulletin.html notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: Compose for Data Lakes + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Riverbed + product: '' cves: cve-2021-4104: investigated: false @@ -75563,11 +81567,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '6.6' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -75579,13 +81582,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869987 + - https://supportkb.riverbed.com/support/index?page=content&id=S35645 notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: Compose for Data Wharehouses + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rockwell Automation + product: FactoryTalk Analytics DataFlowML cves: cve-2021-4104: investigated: false @@ -75594,12 +81597,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 4.00.00 fixed_versions: [] - unaffected_versions: - - '6.6' - - 6.6.1 - - '7.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -75611,13 +81612,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869990 + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: GeoAnalytics Plus + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: FactoryTalk Analytics DataView cves: cve-2021-4104: investigated: false @@ -75626,13 +81627,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - 5.26.5 - - 5.27.5 - 5.28.2 - - 5.29.4 - 5.30.1 - - 5.31.1 - - 5.31.2 + affected_versions: + - 3.03.00 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -75645,13 +81642,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: GeoAnalytics Server + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: Industrial Data Center cves: cve-2021-4104: investigated: false @@ -75662,9 +81659,10 @@ software: investigated: true affected_versions: [] fixed_versions: - - 4.19.1 - 4.27.3 - - 4.23.4 - - 4.32.3 + - Gen 1 + - Gen 2 + - Gen 3 + - Gen 3.5 unaffected_versions: [] cve-2021-45046: investigated: false @@ -75677,13 +81675,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: Nodegraph + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: MES EIG cves: cve-2021-4104: investigated: false @@ -75692,10 +81690,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 3.03.00 fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -75707,13 +81705,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 - notes: '' + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: Customers should upgrade to EIG Hub if possible or work with their local + representatives about alternative solutions. references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: Nprinting + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: VersaVirtual cves: cve-2021-4104: investigated: false @@ -75723,9 +81722,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - Series A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -75737,13 +81736,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: ODBC Connector Package + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: Warehouse Management cves: cve-2021-4104: investigated: false @@ -75752,10 +81751,13 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 4.01.00 + - 4.02.00 + - 4.02.01 + - 4.02.02 fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -75767,13 +81769,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: QEM + last_updated: '2021-12-15T00:00:00' + - vendor: Rollbar + product: '' cves: cve-2021-4104: investigated: false @@ -75781,13 +81783,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '6.6' - - '7.0' - - '2021.5' - - '2021.11' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -75800,13 +81798,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + - https://rollbar.com/blog/log4j-zero-day-2021-log4shell/ notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: Qlik Alerting + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rosette.com + product: '' cves: cve-2021-4104: investigated: false @@ -75814,11 +81812,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -75830,13 +81827,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + - https://support.rosette.com/hc/en-us/articles/4416216525965-Log4j-Vulnerability notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: Qlik Catalog + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager cves: cve-2021-4104: investigated: false @@ -75844,11 +81841,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - May 2021 release and after + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -75859,14 +81855,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: Qlik Data Transfer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager Prime cves: cve-2021-4104: investigated: false @@ -75874,11 +81869,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -75889,14 +81883,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: Qlik Enterprise Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager WebTier cves: cve-2021-4104: investigated: false @@ -75904,13 +81897,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '6.6' - - '7.0' - - '2021.5' - - '2021.11' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -75922,14 +81911,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869994 + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: Qlik Forts + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Governance and Lifecycle cves: cve-2021-4104: investigated: false @@ -75937,11 +81925,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -75952,14 +81939,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: Qlik RepliWeb and ARC + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Governance and Lifecycle Cloud cves: cve-2021-4104: investigated: false @@ -75967,11 +81953,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -75982,14 +81967,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: Qlik Sense Business + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Identity Router cves: cve-2021-4104: investigated: false @@ -75997,11 +81981,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -76012,14 +81995,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: Qlik Sense Enterprise + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA Netwitness + product: '' cves: cve-2021-4104: investigated: false @@ -76027,11 +82009,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -76043,13 +82024,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + - https://community.rsa.com/t5/netwitness-platform-product/netwitness-apache-vulnerability-log4j2-cve-2021-44228-nbsp/ta-p/660540 notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: Qlik Sense Enterprise SaaS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rstudioapi + product: Rstudioapi cves: cve-2021-4104: investigated: false @@ -76061,7 +82042,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - '0.13' cve-2021-45046: investigated: false affected_versions: [] @@ -76073,13 +82054,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + - https://github.com/rstudio/rstudioapi notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: Qlik View + last_updated: '2021-12-21T00:00:00' + - vendor: Rubrik + product: '' cves: cve-2021-4104: investigated: false @@ -76087,11 +82068,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -76103,13 +82083,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 - notes: '' + - https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: Qlik Web Connectors + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ruckus + product: Virtual SmartZone (vSZ) cves: cve-2021-4104: investigated: false @@ -76118,10 +82099,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 5.1 to 6.0 fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -76133,13 +82114,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + - https://support.ruckuswireless.com/security_bulletins/313 notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: Replicate + last_updated: '2021-12-13T00:00:00' + - vendor: RunDeck by PagerDuty + product: '' cves: cve-2021-4104: investigated: false @@ -76147,13 +82128,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '6.6' - - '7.0' - - '2021.5' - - '2021.11' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -76166,13 +82143,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + - https://docs.rundeck.com/docs/history/CVEs/ notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: REST Connectors + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Runecast + product: Runecast Analyzer cves: cve-2021-4104: investigated: false @@ -76182,9 +82159,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - 6.0.3 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -76196,13 +82173,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + - https://www.runecast.com/release-notes notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Qlik - product: Salesforce and SAP Connectors + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SAE-IT + product: '' cves: cve-2021-4104: investigated: false @@ -76210,11 +82187,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -76226,13 +82202,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 - notes: Connectos are not affected. + - https://www.sae-it.com/nc/de/news/sicherheitsmeldungen.html + notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: QMATIC - product: Appointment Booking + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SAFE FME Server + product: '' cves: cve-2021-4104: investigated: false @@ -76240,10 +82216,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 2.4+ + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -76256,13 +82231,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: Update to v. 2.8.2 which contains log4j 2.16 + - https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QMATIC - product: Appointment Booking + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SAGE + product: '' cves: cve-2021-4104: investigated: false @@ -76270,10 +82245,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud/Managed Service + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -76286,13 +82260,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: log4j 2.16 applied 2021-12-15 + - https://www.sagecity.com/sage-global-solutions/sage-crm/f/sage-crm-announcements-news-and-alerts/178655/advisory-apache-log4j-vulnerability-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QMATIC - product: Insights + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SailPoint + product: '' cves: cve-2021-4104: investigated: false @@ -76300,10 +82274,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -76316,13 +82289,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: log4j 2.16 applied 2021-12-16 + - https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QMATIC - product: Orchestra Central + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Salesforce + product: Analytics Cloud cves: cve-2021-4104: investigated: false @@ -76332,13 +82306,14 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 6.0+ + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -76346,13 +82321,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QNAP - product: QES Operating System + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: B2C Commerce Cloud cves: cve-2021-4104: investigated: false @@ -76362,13 +82339,14 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -76376,13 +82354,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: QNAP - product: Qsirch + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: ClickSoftware (As-a-Service) cves: cve-2021-4104: investigated: false @@ -76392,13 +82372,14 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -76406,13 +82387,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: ClickSoftware (As-a-Service) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: QNAP - product: QTS Operating System + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: ClickSoftware (On-Premise) cves: cve-2021-4104: investigated: false @@ -76422,13 +82405,14 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -76436,13 +82420,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional + details are available here. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: QNAP - product: QuTS Hero Operating System + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Data.com cves: cve-2021-4104: investigated: false @@ -76452,13 +82439,14 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -76466,13 +82454,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Data.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: QOPPA - product: All + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: DataLoader cves: cve-2021-4104: investigated: false @@ -76480,14 +82470,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>=53.0.2' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>=53.0.2' unaffected_versions: [] cve-2021-45105: investigated: false @@ -76495,13 +82487,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/ - notes: '' + - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.2 + notes: This version is for use with Salesforce Winter '22 or higher release through + Salesforce Force Partner API and Force WSC v53.0.0. It contains the fix for + CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 by upgrading to log4j 2.17.0. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: QOS.ch - product: SLF4J Simple Logging Facade for Java + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Datorama cves: cve-2021-4104: investigated: false @@ -76509,14 +82503,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -76524,13 +82520,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.slf4j.org/log4shell.html - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Datorama was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: QSC Q-SYS - product: All + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Evergage (Interaction Studio) cves: cve-2021-4104: investigated: false @@ -76538,14 +82536,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -76553,13 +82553,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: QT - product: All + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Experience (Community) Cloud cves: cve-2021-4104: investigated: false @@ -76567,14 +82569,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -76582,13 +82586,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Quest - product: Foglight + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Force.com cves: cve-2021-4104: investigated: false @@ -76596,15 +82602,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '5.9' + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -76612,13 +82619,18 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Force.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. The Data Loader tool has been + patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + Make sure that you are using Data Loader version 53.0.2 or later. Follow the + steps described here to download the latest version of Data Loader. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Quest - product: Foglight + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Heroku cves: cve-2021-4104: investigated: false @@ -76628,27 +82640,29 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '6.0' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Heroku is reported to not be affected by the issues currently identified + in CVE-2021-44228 or CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Quest - product: Quest KACE SMA + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Marketing Cloud cves: cve-2021-4104: investigated: false @@ -76658,13 +82672,14 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -76672,13 +82687,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Salesforce-owned services within Marketing Cloud are not affected by the + issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party + vendors have been patched to address the security issues currently identified + in CVE-2021-44228 or CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: R - product: R + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: MuleSoft (Cloud) cves: cve-2021-4104: investigated: false @@ -76688,13 +82706,14 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 4.1.1 + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -76702,13 +82721,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.r-project.org/ - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft + services, including dataloader.io, have been updated to mitigate the issues + currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional + details here. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: R2ediviewer - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: MuleSoft (On-Premise) cves: cve-2021-4104: investigated: false @@ -76716,14 +82738,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -76731,13 +82755,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://r2ediviewer.de/DE/reload.html?Change-log_17858584.html - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors, including Private Cloud Edition + (PCE) and Anypoint Studio, have a mitigation in place to address the issues + currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional + details here. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Radware - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Pardot cves: cve-2021-4104: investigated: false @@ -76745,14 +82773,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -76760,13 +82790,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.radware.com/app/answers/answer_view/a_id/1029752 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Pardot was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Rapid7 - product: AlcidekArt, kAdvisor, and kAudit + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Sales Cloud cves: cve-2021-4104: investigated: false @@ -76776,13 +82808,14 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - on-prem + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -76790,13 +82823,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: AppSpider Enterprise + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Service Cloud cves: cve-2021-4104: investigated: false @@ -76806,13 +82841,14 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - on-prem + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -76820,13 +82856,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: AppSpider Pro + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Slack cves: cve-2021-4104: investigated: false @@ -76836,13 +82874,14 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - on-prem + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -76850,13 +82889,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Slack was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in both CVE-2021-44228 and CVE-2021-45046. Additional details are + available here. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: Insight Agent + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Social Studio cves: cve-2021-4104: investigated: false @@ -76866,13 +82908,14 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - on-prem + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -76880,13 +82923,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightAppSec Scan Engine + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Tableau (On-Premise) cves: cve-2021-4104: investigated: false @@ -76896,9 +82941,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - on-prem + fixed_versions: + - < 2021.4.1 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -76910,13 +82955,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: '' + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + notes: Tableau (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Patches to address the issues currently identified in both CVE-2021-44228 and + CVE-2021-45046 are available for download. Additional details are available + here. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightAppSec Scan Engine + last_updated: '2021-12-16T00:00:00' + - vendor: Salesforce + product: Tableau (Online) cves: cve-2021-4104: investigated: false @@ -76926,13 +82974,14 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - on-prem + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -76940,13 +82989,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. Services + have been patched to mitigate the issues currently identified in both CVE-2021-44228 + and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightCloudSec/DivvyCloud + last_updated: '2022-01-26T00:00:00' + - vendor: Samsung Electronics America + product: Knox Admin Portal cves: cve-2021-4104: investigated: false @@ -76958,25 +83009,26 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - on-prem + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightConnect Orchestrator + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Asset Intelligence cves: cve-2021-4104: investigated: false @@ -76988,25 +83040,26 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - on-prem + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightIDR Network Sensor + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Configure cves: cve-2021-4104: investigated: false @@ -77018,25 +83071,26 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - on-prem + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightIDR/InsightOps Collector & Event Sources + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox E-FOTA One cves: cve-2021-4104: investigated: false @@ -77048,25 +83102,26 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - on-prem + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightOps DataHub + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Guard cves: cve-2021-4104: investigated: false @@ -77075,29 +83130,29 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - InsightOps DataHub <= 2.0 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: Upgrade [DataHub to version 2.0.1](https://rep.logentries.com/datahub/DataHub_2.0.1.deb) - using the [following instructions](https://docs.rapid7.com/insightops/setting-up-datahub/). + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightOps non-Java logging libraries + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox License Management cves: cve-2021-4104: investigated: false @@ -77109,25 +83164,26 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - on-prem + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightOps r7insight_java logging library + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Manage cves: cve-2021-4104: investigated: false @@ -77136,14 +83192,15 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <=3.0.8 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45105: investigated: false @@ -77151,13 +83208,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: Upgrade [r7insight_java](https://github.com/rapid7/r7insight_java) to 3.0.9 + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightVM Kubernetes Monitor + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Managed Services Provider (MSP) cves: cve-2021-4104: investigated: false @@ -77169,25 +83226,26 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - on-prem + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightVM/Nexpose + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Mobile Enrollment cves: cve-2021-4104: investigated: false @@ -77199,25 +83257,26 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - on-prem + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightVM/Nexpose Console + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Reseller Portal cves: cve-2021-4104: investigated: false @@ -77227,13 +83286,14 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - on-prem + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45105: investigated: false @@ -77241,15 +83301,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” - packaged in them. This is a different library than log4j-core and is not vulnerable - to Log4Shell. + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightVM/Nexpose Engine + last_updated: '2022-01-17T00:00:00' + - vendor: Sangoma + product: '' cves: cve-2021-4104: investigated: false @@ -77257,11 +83315,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -77273,15 +83330,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” - packaged in them. This is a different library than log4j-core and is not vulnerable - to Log4Shell. + - https://help.sangoma.com/community/s/article/Log4Shell + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: IntSights virtual appliance + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SAP + product: '' cves: cve-2021-4104: investigated: false @@ -77289,11 +83344,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -77305,13 +83359,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: '' + - https://support.sap.com/content/dam/support/en_us/library/ssp/my-support/trust-center/sap-tc-01-5025.pdf + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: Logentries DataHub + last_updated: '2021-12-17T00:00:00' + - vendor: SAP Advanced Platform + product: '' cves: cve-2021-4104: investigated: false @@ -77319,9 +83374,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Linux version <= 1.2.0.820; Windows version <= 1.2.0.820 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77335,16 +83389,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: 'Linux: Install DataHub_1.2.0.822.deb using the following [instructions](https://docs.logentries.com/docs/datahub-linux). - Windows: Run version 1.2.0.822 in a Docker container or as a Java command per - these [instructions](https://docs.logentries.com/docs/datahub-windows). You - can find more details [here](https://docs.logentries.com/docs/datahub-linux).' + - https://launchpad.support.sap.com/#/notes/3130698 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: Logentries le_java logging library + last_updated: '2021-12-17T00:00:00' + - vendor: SAP BusinessObjects + product: '' cves: cve-2021-4104: investigated: false @@ -77352,9 +83404,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 'All versions: this is a deprecated component' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77368,13 +83419,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: Migrate to version 3.0.9 of [r7insight_java](https://github.com/rapid7/r7insight_java) + - https://blogs.sap.com/2021/12/16/cve-2021-44228-impact-of-log4j-vulnerability-on-sap-businessobjects/ + notes: The support document is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: Metasploit Framework + last_updated: '2021-12-17T00:00:00' + - vendor: SAS + product: '' cves: cve-2021-4104: investigated: false @@ -77382,11 +83434,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -77398,13 +83449,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: Metasploit Pro + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SASSAFRAS + product: '' cves: cve-2021-4104: investigated: false @@ -77412,11 +83463,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -77428,15 +83478,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: Metasploit Pro ships with log4j but has specific configurations applied - to it that mitigate Log4Shell. A future update will contain a fully patched - version of log4j. + - https://www.sassafras.com/log4j-vulnerability-cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: tCell Java Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Savignano software solutions + product: '' cves: cve-2021-4104: investigated: false @@ -77444,11 +83492,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -77460,13 +83507,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://savignano.atlassian.net/wiki/spaces/SNOTIFY/blog/2021/12/13/2839740417/No+Log4j+Vulnerability+in+S+Notify notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: Velociraptor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SBT + product: SBT cves: cve-2021-4104: investigated: false @@ -77475,10 +83522,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <1.5.6 fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -77490,12 +83537,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://github.com/sbt/sbt/releases/tag/v1.5.7 notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Raritan + - vendor: ScaleComputing product: '' cves: cve-2021-4104: @@ -77519,12 +83566,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.raritan.com/support - notes: '' + - https://community.scalecomputing.com/s/article/Apache-Log4j-Vulnerability + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ravelin + - vendor: ScaleFusion MobileLock Pro product: '' cves: cve-2021-4104: @@ -77548,13 +83596,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://syslog.ravelin.com/log4shell-cve-2021-44228-4338bb8da67b + - https://help.mobilock.in/article/t9sx43yg44-scalefusion-security-advisory-for-apache-log-4-j-vulnerability-cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Real-Time Innovations (RTI) - product: Distributed Logger + - vendor: Schneider Electric + product: EASYFIT cves: cve-2021-4104: investigated: false @@ -77562,8 +83610,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77577,13 +83626,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Real-Time Innovations (RTI) - product: Recording Console + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Ecoreal XL cves: cve-2021-4104: investigated: false @@ -77591,8 +83640,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77606,13 +83656,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Real-Time Innovations (RTI) - product: RTI Administration Console + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: EcoStruxure IT Expert cves: cve-2021-4104: investigated: false @@ -77620,9 +83670,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -77634,14 +83685,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Real-Time Innovations (RTI) - product: RTI Code Generator + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: EcoStruxure IT Gateway cves: cve-2021-4104: investigated: false @@ -77649,9 +83699,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - V1.5.0 to V1.13.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -77664,13 +83715,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + - https://ecostruxureit.com/download-and-set-upecostruxureit-gateway/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Real-Time Innovations (RTI) - product: RTI Code Generator Server + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Eurotherm Data Reviewer cves: cve-2021-4104: investigated: false @@ -77678,8 +83729,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - V3.0.2 and prior fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77693,13 +83745,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Real-Time Innovations (RTI) - product: RTI Micro Application Generator (MAG) + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Facility Expert Small Business cves: cve-2021-4104: investigated: false @@ -77708,12 +83760,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - as part of RTI Connext Micro 3.0.0 - - 3.0.1 - - 3.0.2 - - 3.0.3 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -77726,13 +83775,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Real-Time Innovations (RTI) - product: RTI Micro Application Generator (MAG) + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: MSE cves: cve-2021-4104: investigated: false @@ -77742,7 +83791,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - as part of RTI Connext Professional 6.0.0 and 6.0.1 + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77756,13 +83805,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Real-Time Innovations (RTI) - product: RTI Monitor + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: NetBotz750/755 cves: cve-2021-4104: investigated: false @@ -77770,8 +83819,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Software versions 5.0 through 5.3.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77785,13 +83835,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Red Hat - product: log4j-core + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: NEW630 cves: cve-2021-4104: investigated: false @@ -77799,8 +83849,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77814,13 +83865,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat Integration Camel K + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK BOM cves: cve-2021-4104: investigated: false @@ -77828,8 +83879,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77843,13 +83895,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[RHSA-2021:5130](https://access.redhat.com/errata/RHSA-2021:5130)' + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat build of Quarkus + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK-Docgen cves: cve-2021-4104: investigated: false @@ -77857,8 +83909,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77872,13 +83925,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Red Hat - product: Red Hat CodeReady Studio + - vendor: Schneider Electric + product: SDK-TNC cves: cve-2021-4104: investigated: false @@ -77887,9 +83940,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - 12.21.0 + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -77902,13 +83955,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[CRS 12.21.1 Patch](https://developers.redhat.com/products/codeready-studio/download?source=sso)' + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat Data Grid + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK-UMS cves: cve-2021-4104: investigated: false @@ -77917,9 +83970,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - '8' + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -77932,13 +83985,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[RHSA-2021:5132](http://access.redhat.com/errata/RHSA-2021:5132)' + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat Decision Manager + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK3D2DRenderer cves: cve-2021-4104: investigated: false @@ -77947,10 +84000,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Current software and earlier fixed_versions: [] - unaffected_versions: - - '7' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -77962,13 +84015,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Red Hat - product: Red Hat Enterprise Linux + - vendor: Schneider Electric + product: SDK3D360Widget cves: cve-2021-4104: investigated: false @@ -77977,10 +84030,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Current software and earlier fixed_versions: [] - unaffected_versions: - - '6' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -77992,13 +84045,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Red Hat - product: Red Hat Enterprise Linux + - vendor: Schneider Electric + product: Select and Config DATA cves: cve-2021-4104: investigated: false @@ -78007,10 +84060,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Current software and earlier fixed_versions: [] - unaffected_versions: - - '7' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -78022,13 +84075,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Red Hat - product: Red Hat Enterprise Linux + - vendor: Schneider Electric + product: SNC-API cves: cve-2021-4104: investigated: false @@ -78037,10 +84090,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Current software and earlier fixed_versions: [] - unaffected_versions: - - '8' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -78052,13 +84105,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Red Hat - product: Red Hat Integration Camel Quarkus + - vendor: Schneider Electric + product: SNC-CMM cves: cve-2021-4104: investigated: false @@ -78066,8 +84119,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78081,13 +84135,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[RHSA-2021:5126](https://access.redhat.com/errata/RHSA-2021:5126)' + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat JBoss A-MQ Streaming + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SNCSEMTECH cves: cve-2021-4104: investigated: false @@ -78095,8 +84149,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78110,13 +84165,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[RHSA-2021:5138](https://access.redhat.com/errata/RHSA-2021:5138)' + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat JBoss Enterprise Application Platform + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SPIMV3 cves: cve-2021-4104: investigated: false @@ -78125,9 +84180,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - '7' + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -78140,15 +84195,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.4)\ - \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ - \ affected." + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat JBoss Enterprise Application Platform Expansion Pack + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SWBEditor cves: cve-2021-4104: investigated: false @@ -78157,10 +84210,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Current software and earlier fixed_versions: [] - unaffected_versions: - - '7' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -78172,13 +84225,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Red Hat - product: Red Hat JBoss Fuse + - vendor: Schneider Electric + product: SWBEngine cves: cve-2021-4104: investigated: false @@ -78187,9 +84240,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - '7' + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -78202,13 +84255,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[RHSA-2021:5134](https://access.redhat.com/errata/RHSA-2021:5134)' + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat Process Automation + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Wiser by SE platform cves: cve-2021-4104: investigated: false @@ -78219,7 +84272,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '7' + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -78231,16 +84284,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=103671&product=rhpam&version=7.11.1&downloadType=patches)\ - \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ - \ affected." + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat Single Sign-On + last_updated: '2021-12-20T00:00:00' + - vendor: Schweitzer Engineering Laboratories + product: '' cves: cve-2021-4104: investigated: false @@ -78248,11 +84298,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '7' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -78264,13 +84313,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 + - https://selinc.com/support/security-notifications/ notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat Vert.X + - vendor: SCM Manager + product: '' cves: cve-2021-4104: investigated: false @@ -78278,10 +84327,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '4' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -78294,13 +84342,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[RHSA-2021:5093](https://access.redhat.com/errata/RHSA-2021:5093)' + - https://scm-manager.org/blog/posts/2021-12-13-log4shell/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Satellite 5 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ScreenBeam + product: '' cves: cve-2021-4104: investigated: false @@ -78323,13 +84371,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 + - https://customersupport.screenbeam.com/hc/en-us/articles/4416468085389-December-2021-Security-Alert-Log4j-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Spacewalk + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SDL worldServer + product: '' cves: cve-2021-4104: investigated: false @@ -78352,13 +84400,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 + - https://gateway.sdl.com/apex/communityknowledge?articleName=000017707 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat OpenShift Container Platform 3.11 - product: openshift3/ose-logging-elasticsearch5 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Seagull Scientific + product: '' cves: cve-2021-4104: investigated: false @@ -78381,13 +84429,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[RHSA-2021:5094](http://access.redhat.com/errata/RHSA-2021:5094)' + - https://support.seagullscientific.com/hc/en-us/articles/4415794235543-Apache-Log4Shell-Vulnerability + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat OpenShift Container Platform 4 - product: openshift4/ose-logging-elasticsearch6 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SecurePoint + product: '' cves: cve-2021-4104: investigated: false @@ -78410,14 +84458,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: Please refer to Red Hat Customer Portal to find the right errata for your - version. + - https://www.securepoint.de/news/details/sicherheitsluecke-log4j-securepoint-loesungen-nicht-betroffen.html + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat OpenShift Container Platform 4 - product: openshift4/ose-metering-hive + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Security Onion + product: '' cves: cve-2021-4104: investigated: false @@ -78440,14 +84487,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: Please refer to Red Hat Customer Portal to find the right errata for your - version. + - https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat OpenShift Container Platform 4 - product: openshift4/ose-metering-presto + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Securonix + product: Extended Detection and Response (XDR) cves: cve-2021-4104: investigated: false @@ -78455,8 +84501,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78470,14 +84517,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: Please refer to Red Hat Customer Portal to find the right errata for your - version. + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat OpenShift Logging - product: logging-elasticsearch6-container + last_updated: '2021-12-10T00:00:00' + - vendor: Securonix + product: Next Gen SIEM cves: cve-2021-4104: investigated: false @@ -78485,8 +84531,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78500,14 +84547,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: Please refer to Red Hat Customer Portal to find the right errata for your - version. + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat OpenStack Platform 13 (Queens) - product: opendaylight + last_updated: '2021-12-10T00:00:00' + - vendor: Securonix + product: Security Analytics and Operations Platform (SOAR) cves: cve-2021-4104: investigated: false @@ -78515,8 +84561,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78530,13 +84577,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: End of Life + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat Software Collections - product: rh-java-common-log4j + last_updated: '2021-12-10T00:00:00' + - vendor: Securonix + product: SNYPR Application cves: cve-2021-4104: investigated: false @@ -78559,13 +84606,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-OnPrem-Customer-Update.pdf notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat Software Collections - product: rh-maven35-log4j12 + last_updated: '2021-12-10T00:00:00' + - vendor: Securonix + product: User and Entity Behavior Analytics(UEBA) cves: cve-2021-4104: investigated: false @@ -78573,8 +84620,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78588,13 +84636,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '' + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat Software Collections - product: rh-maven36-log4j12 + last_updated: '2021-12-10T00:00:00' + - vendor: Seeburger + product: '' cves: cve-2021-4104: investigated: false @@ -78617,12 +84665,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '' + - https://servicedesk.seeburger.de/portal/en-US/Knowledge/Article/?defId=101040&id=25486312&COMMAND=Open + notes: This advisory is available to customers only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red5Pro + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SentinelOne product: '' cves: cve-2021-4104: @@ -78646,12 +84695,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/ + - https://www.sentinelone.com/blog/cve-2021-44228-staying-secure-apache-log4j-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RedGate + - vendor: Sentry product: '' cves: cve-2021-4104: @@ -78675,12 +84724,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.red-gate.com/privacy-and-security/vulnerabilities/2021-12-15-log4j-statement + - https://blog.sentry.io/2021/12/15/sentrys-response-to-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Redis + - vendor: SEP product: '' cves: cve-2021-4104: @@ -78704,12 +84753,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://redis.com/security/notice-apache-log4j2-cve-2021-44228/ + - https://support.sep.de/otrs/public.pl?Action=PublicFAQZoom;ItemID=132 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Reiner SCT + - vendor: Server Eye product: '' cves: cve-2021-4104: @@ -78733,12 +84782,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.reiner-sct.com/index.php?/topic/5973-timecard-und-log4j-schwachstelle/&do=findComment&comment=14933 + - https://www.server-eye.de/blog/sicherheitsluecke-log4j-server-eye-systeme-sind-nicht-betroffen/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ReportURI + - vendor: ServiceNow product: '' cves: cve-2021-4104: @@ -78762,13 +84811,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://scotthelme.co.uk/responding-to-the-log4j-2-vulnerability/ + - https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ResMed - product: AirView + - vendor: Shibboleth + product: '' cves: cve-2021-4104: investigated: false @@ -78791,13 +84840,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.resmed.com/en-us/security/ + - http://shibboleth.net/pipermail/announce/2021-December/000253.html notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: ResMed - product: myAir + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Shibboleth + product: All Products cves: cve-2021-4104: investigated: false @@ -78805,10 +84854,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Identity Provider>=3.0 + - All other software versions cve-2021-45046: investigated: false affected_versions: [] @@ -78820,12 +84871,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.resmed.com/en-us/security/ + - https://shibboleth.net/pipermail/announce/2021-December/000253.html notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Respondus + last_updated: '2021-12-10T00:00:00' + - vendor: Shopify product: '' cves: cve-2021-4104: @@ -78849,13 +84900,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.respondus.com/support/index.php?/News/NewsItem/View/339 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://community.shopify.com/c/technical-q-a/is-shopify-affected-by-the-log4j-vulnerability/td-p/1417625 + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Revenera / Flexera + - vendor: Siebel product: '' cves: cve-2021-4104: @@ -78879,13 +84929,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905 + - https://www.siebelhub.com/main/2021/12/log4j-vulnerability-cve-2021-44228-and-siebel-crm.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ricoh - product: '' + - vendor: Siemens + product: Affected Products cves: cve-2021-4104: investigated: false @@ -78908,13 +84958,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ricoh.com/info/2021/1215_1/ - notes: '' + - https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RingCentral - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens + product: Affected Products cves: cve-2021-4104: investigated: false @@ -78937,13 +84988,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ringcentral.com/trust-center/security-bulletin.html - notes: '' + - https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Riverbed - product: '' + last_updated: '2021-12-19T00:00:00' + - vendor: Siemens Energy + product: Affected Products cves: cve-2021-4104: investigated: false @@ -78966,13 +85018,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportkb.riverbed.com/support/index?page=content&id=S35645 - notes: '' + - https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Rockwell Automation - product: FactoryTalk Analytics DataFlowML + last_updated: '2021-12-21T00:00:00' + - vendor: Siemens Energy + product: Affected Products cves: cve-2021-4104: investigated: false @@ -78980,41 +85033,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 4.00.00 - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rockwell Automation - product: FactoryTalk Analytics DataView - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 3.03.00 - fixed_versions: [] - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -79026,13 +85048,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: '' + - https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rockwell Automation - product: Industrial Data Center + last_updated: '2021-12-20T00:00:00' + - vendor: Siemens Energy + product: Affected Products cves: cve-2021-4104: investigated: false @@ -79040,44 +85063,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - Gen 1 - - Gen 2 - - Gen 3 - - Gen 3.5 - unaffected_versions: [] - cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rockwell Automation - product: MES EIG - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 3.03.00 - fixed_versions: [] - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -79089,14 +85078,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: Customers should upgrade to EIG Hub if possible or work with their local - representatives about alternative solutions. + - https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rockwell Automation - product: VersaVirtual + last_updated: '2021-12-16T00:00:00' + - vendor: Siemens Healthineers + product: ATELLICA DATA MANAGER v1.1.1 / v1.2.1 / v1.3.1 cves: cve-2021-4104: investigated: false @@ -79104,10 +85093,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Series A + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -79120,13 +85108,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: If you have determined that your Atellica Data Manager has a “Java communication + engine” service, and you require an immediate mitigation, then please contact + your Siemens Customer Care Center or your local Siemens technical support representative. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rockwell Automation - product: Warehouse Management + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: CENTRALINK v16.0.2 / v16.0.3 cves: cve-2021-4104: investigated: false @@ -79134,12 +85124,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 4.01.00 - - 4.02.00 - - 4.02.01 - - 4.02.02 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -79153,13 +85139,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: If you have determined that your CentraLink has a “Java communication engine” + service, and you require a mitigation, then please contact your Siemens Customer + Care Center or your local Siemens technical support representative. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rollbar - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Cios Flow S1 / Alpha / Spin VA30 cves: cve-2021-4104: investigated: false @@ -79182,13 +85170,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rollbar.com/blog/log4j-zero-day-2021-log4shell/ - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Rosette.com - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Cios Select FD/I.I. VA21 / VA21-S3P cves: cve-2021-4104: investigated: false @@ -79211,13 +85199,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.rosette.com/hc/en-us/articles/4416216525965-Log4j-Vulnerability - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RSA - product: SecurID Authentication Manager + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: DICOM Proxy VB10A cves: cve-2021-4104: investigated: false @@ -79239,13 +85227,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RSA - product: SecurID Authentication Manager Prime + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.All, Som10 VA20 / VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -79267,13 +85256,15 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RSA - product: SecurID Authentication Manager WebTier + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Fit, Som10 VA30 cves: cve-2021-4104: investigated: false @@ -79295,13 +85286,15 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RSA - product: SecurID Governance and Lifecycle + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Now, Som10 VA10 / VA20 / VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -79323,13 +85316,15 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RSA - product: SecurID Governance and Lifecycle Cloud + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Open Pro, Som10 VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -79351,13 +85346,15 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RSA - product: SecurID Identity Router + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Sim, Som10 VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -79379,13 +85376,15 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RSA Netwitness - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Top, Som10 VA20 / VA20A_SP5 / VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -79408,13 +85407,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rsa.com/t5/netwitness-platform-product/netwitness-apache-vulnerability-log4j2-cve-2021-44228-nbsp/ta-p/660540 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Rstudioapi - product: Rstudioapi + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Up, Som10 VA10 / VA20 / VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -79422,11 +85422,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '0.13' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -79438,13 +85437,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/rstudio/rstudioapi - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Rubrik - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM AERA 1,5T, MAGNETOM PRISMA, MAGNETOM PRISMA FIT, MAGNETOM SKYRA + 3T NUMARIS/X VA30A cves: cve-2021-4104: investigated: false @@ -79467,14 +85468,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ruckus - product: Virtual SmartZone (vSZ) + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Altea NUMARIS/X VA20A cves: cve-2021-4104: investigated: false @@ -79482,9 +85484,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 5.1 to 6.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -79498,13 +85499,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.ruckuswireless.com/security_bulletins/313 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: RunDeck by PagerDuty - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM ALTEA, MAGNETOM LUMINA, MAGNETOM SOLA, MAGNETOM VIDA NUMARIS/X + VA31A cves: cve-2021-4104: investigated: false @@ -79527,13 +85531,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.rundeck.com/docs/history/CVEs/ - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Runecast - product: Runecast Analyzer + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Amira NUMARIS/X VA12M cves: cve-2021-4104: investigated: false @@ -79541,10 +85547,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 6.0.3 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -79557,13 +85562,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.runecast.com/release-notes - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SAE-IT - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Free.Max NUMARIS/X VA40 cves: cve-2021-4104: investigated: false @@ -79586,13 +85593,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sae-it.com/nc/de/news/sicherheitsmeldungen.html - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SAFE FME Server - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Lumina NUMARIS/X VA20A cves: cve-2021-4104: investigated: false @@ -79615,13 +85624,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SAGE - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Sempra NUMARIS/X VA12M cves: cve-2021-4104: investigated: false @@ -79644,13 +85655,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sagecity.com/sage-global-solutions/sage-crm/f/sage-crm-announcements-news-and-alerts/178655/advisory-apache-log4j-vulnerability-cve-2021-44228 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SailPoint - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Sola fit NUMARIS/X VA20A cves: cve-2021-4104: investigated: false @@ -79673,14 +85686,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Salesforce - product: Analytics Cloud + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Sola NUMARIS/X VA20A cves: cve-2021-4104: investigated: false @@ -79688,16 +85702,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -79705,15 +85717,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: B2C Commerce Cloud + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Vida fit NUMARIS/X VA20A cves: cve-2021-4104: investigated: false @@ -79721,16 +85733,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -79738,15 +85748,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: ClickSoftware (As-a-Service) + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Vida NUMARIS/X VA10A* / VA20A cves: cve-2021-4104: investigated: false @@ -79754,16 +85764,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -79771,15 +85779,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: ClickSoftware (As-a-Service) was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to address - the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: ClickSoftware (On-Premise) + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: SENSIS DMCC / DMCM / TS / VM / PPWS / DS VD12A cves: cve-2021-4104: investigated: false @@ -79787,16 +85795,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -79804,16 +85810,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to address - the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional - details are available here. + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Data.com + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Somatom Emotion Som5 VC50 cves: cve-2021-4104: investigated: false @@ -79821,16 +85824,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -79838,15 +85839,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Data.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: DataLoader + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Somatom Scope Som5 VC50 cves: cve-2021-4104: investigated: false @@ -79854,16 +85853,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '>=53.0.2' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '>=53.0.2' + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -79871,15 +85868,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.2 - notes: This version is for use with Salesforce Winter '22 or higher release through - Salesforce Force Partner API and Force WSC v53.0.0. It contains the fix for - CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 by upgrading to log4j 2.17.0. + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Datorama + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A cves: cve-2021-4104: investigated: false @@ -79887,16 +85882,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -79904,15 +85897,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Datorama was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Evergage (Interaction Studio) + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Syngo MobileViewer VA10A cves: cve-2021-4104: investigated: false @@ -79920,16 +85911,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -79937,15 +85926,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to address - the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: The vulnerability will be patch/mitigated in upcoming releases\patches. references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Experience (Community) Cloud + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 + / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 cves: cve-2021-4104: investigated: false @@ -79953,16 +85941,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -79970,15 +85956,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Force.com + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 + - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 cves: cve-2021-4104: investigated: false @@ -79986,16 +85971,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -80003,18 +85986,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Force.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. The Data Loader tool has been - patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. - Make sure that you are using Data Loader version 53.0.2 or later. Follow the - steps described here to download the latest version of Data Loader. + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: Please contact your Customer Service to get support on mitigating the vulnerability. references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Heroku + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 + - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B + / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 + / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 cves: cve-2021-4104: investigated: false @@ -80022,31 +86003,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Heroku is reported to not be affected by the issues currently identified - in CVE-2021-44228 or CVE-2021-45046. + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Marketing Cloud + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: syngo.via WebViewer VA13B / VA20A / VA20B cves: cve-2021-4104: investigated: false @@ -80054,16 +86032,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -80071,16 +86047,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Salesforce-owned services within Marketing Cloud are not affected by the - issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party - vendors have been patched to address the security issues currently identified - in CVE-2021-44228 or CVE-2021-45046. + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: MuleSoft (Cloud) + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: X.Ceed Somaris 10 VA40* cves: cve-2021-4104: investigated: false @@ -80088,16 +86061,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -80105,16 +86076,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft - services, including dataloader.io, have been updated to mitigate the issues - currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional - details here. + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: MuleSoft (On-Premise) + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: X.Cite Somaris 10 VA30*/VA40* cves: cve-2021-4104: investigated: false @@ -80122,16 +86091,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -80139,17 +86106,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors, including Private Cloud Edition - (PCE) and Anypoint Studio, have a mitigation in place to address the issues - currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional - details here. + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Pardot + last_updated: '2021-12-22T00:00:00' + - vendor: Sierra Wireless + product: '' cves: cve-2021-4104: investigated: false @@ -80157,16 +86121,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -80174,15 +86136,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Pardot was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/ + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Sales Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sierra Wireless + product: AirVantage and Octave cloud platforms cves: cve-2021-4104: investigated: false @@ -80190,16 +86150,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -80207,15 +86165,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs + notes: These systems do not operate with the specific non-standard configuration + required for CVE-2021-25046 and hence were not vulnerable to it. references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Service Cloud + last_updated: '2022-01-05T00:00:00' + - vendor: Sierra Wireless + product: AM/AMM servers cves: cve-2021-4104: investigated: false @@ -80223,16 +86180,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -80240,15 +86195,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Slack + last_updated: '2022-01-05T00:00:00' + - vendor: Signald + product: '' cves: cve-2021-4104: investigated: false @@ -80256,16 +86209,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -80273,16 +86224,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Slack was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in both CVE-2021-44228 and CVE-2021-45046. Additional details are - available here. + - https://gitlab.com/signald/signald/-/issues/259 + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Social Studio + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Silver Peak + product: Orchestrator, Silver Peak GMS cves: cve-2021-4104: investigated: false @@ -80290,16 +86238,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -80307,15 +86253,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://www.arubanetworks.com/website/techdocs/sdwan/docs/advisories/media/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf + notes: Customer managed Orchestrator and legacy GMS products are affected by this + vulnerability. This includes on-premise and customer managed instances running + in public cloud services such as AWS, Azure, Google, or Oracle Cloud. See Corrective + Action Required for details about how to mitigate this exploit. references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Tableau (On-Premise) + last_updated: '2021-12-14T00:00:00' + - vendor: SingleWire + product: '' cves: cve-2021-4104: investigated: false @@ -80323,10 +86270,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - < 2021.4.1 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -80339,16 +86285,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell - notes: Tableau (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. - Patches to address the issues currently identified in both CVE-2021-44228 and - CVE-2021-45046 are available for download. Additional details are available - here. + - https://support.singlewire.com/s/article/Apache-Log4j2-vulnerability-CVE-2021-44228 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Salesforce - product: Tableau (Online) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SISCO + product: '' cves: cve-2021-4104: investigated: false @@ -80356,16 +86300,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -80373,15 +86315,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. Services - have been patched to mitigate the issues currently identified in both CVE-2021-44228 - and CVE-2021-45046. + - https://sisconet.com/sisco-news/log4j/ + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Samsung Electronics America - product: Knox Admin Portal + last_updated: '2022-01-05T00:00:00' + - vendor: Sitecore + product: '' cves: cve-2021-4104: investigated: false @@ -80389,30 +86329,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001391 notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Asset Intelligence + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Skillable + product: '' cves: cve-2021-4104: investigated: false @@ -80420,30 +86358,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://skillable.com/log4shell/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Configure + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SLF4J + product: '' cves: cve-2021-4104: investigated: false @@ -80451,30 +86387,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - http://slf4j.org/log4shell.html notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox E-FOTA One + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Slurm + product: Slurm cves: cve-2021-4104: investigated: false @@ -80486,26 +86420,25 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 20.11.8 cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://slurm.schedmd.com/documentation.html notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Guard + last_updated: '2021-12-21T00:00:00' + - vendor: SMA Solar Technology AG + product: '' cves: cve-2021-4104: investigated: false @@ -80513,30 +86446,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://files.sma.de/downloads/HK_Log4j-en-10.pdf?_ga=2.237963714.352491368.1640298543-2015796445.1640298540 notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox License Management + last_updated: '2022-01-05T00:00:00' + - vendor: SmartBear + product: '' cves: cve-2021-4104: investigated: false @@ -80544,30 +86475,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://smartbear.com/security/cve-2021-44228/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Manage + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SmileCDR + product: '' cves: cve-2021-4104: investigated: false @@ -80575,16 +86504,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -80592,13 +86519,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Managed Services Provider (MSP) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sn0m + product: '' cves: cve-2021-4104: investigated: false @@ -80606,30 +86533,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.snom.com/en/press/log4j-poses-no-threat-snom-phones/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Mobile Enrollment + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Snakemake + product: Snakemake cves: cve-2021-4104: investigated: false @@ -80641,26 +86566,25 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 6.12.1 cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://snakemake.readthedocs.io/en/stable/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Reseller Portal + last_updated: '2021-12-21T00:00:00' + - vendor: Snow Software + product: Snow Commander cves: cve-2021-4104: investigated: false @@ -80671,13 +86595,12 @@ software: investigated: true affected_versions: [] fixed_versions: - - Cloud + - 8.1 to 8.10.2 unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -80685,13 +86608,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://community.snowsoftware.com/s/feed/0D5690000B4U6hUCQS notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Sangoma - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Snow Software + product: VM Access Proxy cves: cve-2021-4104: investigated: false @@ -80699,9 +86622,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - v3.1 to v3.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -80714,12 +86638,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.sangoma.com/community/s/article/Log4Shell + - https://community.snowsoftware.com/s/feed/0D5690000B4U6hUCQS notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SAP + - vendor: Snowflake product: '' cves: cve-2021-4104: @@ -80743,14 +86667,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.sap.com/content/dam/support/en_us/library/ssp/my-support/trust-center/sap-tc-01-5025.pdf - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://community.snowflake.com/s/article/No-Snowflake-exposure-to-Apache-Log4j-vulnerability-CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: SAP Advanced Platform - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Snyk + product: Cloud Platform cves: cve-2021-4104: investigated: false @@ -80773,13 +86696,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://launchpad.support.sap.com/#/notes/3130698 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://updates.snyk.io/snyk%27s-cloud-platform-all-clear-from-log4j-exploits-216499 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: SAP BusinessObjects + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Software AG product: '' cves: cve-2021-4104: @@ -80803,14 +86725,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blogs.sap.com/2021/12/16/cve-2021-44228-impact-of-log4j-vulnerability-on-sap-businessobjects/ - notes: The support document is available to customers only and has not been reviewed - by CISA + - https://tech.forums.softwareag.com/t/log4j-zero-day-vulnerability/253849 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: SAS - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SolarWinds + product: Database Performance Analyzer (DPA) cves: cve-2021-4104: investigated: false @@ -80818,8 +86739,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2021.1.x + - 2021.3.x + - 2022.1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -80833,13 +86757,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html - notes: '' + - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 + notes: 'For more information, please see the following KB article: [link](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SASSAFRAS - product: '' + last_updated: '2021-12-23T00:00:00' + - vendor: SolarWinds + product: Orion Platform cves: cve-2021-4104: investigated: false @@ -80862,13 +86786,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sassafras.com/log4j-vulnerability-cve-2021-44228/ + - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Savignano software solutions - product: '' + last_updated: '2021-12-23T00:00:00' + - vendor: SolarWinds + product: Server & Application Monitor (SAM) cves: cve-2021-4104: investigated: false @@ -80876,8 +86800,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - SAM 2020.2.6 and later fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -80891,13 +86816,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://savignano.atlassian.net/wiki/spaces/SNOTIFY/blog/2021/12/13/2839740417/No+Log4j+Vulnerability+in+S+Notify - notes: '' + - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 + notes: 'For more information, please see the following KB article for the latest + details specific to the SAM hotfix: [link](https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SBT - product: SBT + last_updated: '2021-12-23T00:00:00' + - vendor: SonarSource + product: '' cves: cve-2021-4104: investigated: false @@ -80905,9 +86831,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <1.5.6 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -80921,13 +86846,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/sbt/sbt/releases/tag/v1.5.7 + - https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: ScaleComputing - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sonatype + product: All Products cves: cve-2021-4104: investigated: false @@ -80935,10 +86860,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Versions cve-2021-45046: investigated: false affected_versions: [] @@ -80950,14 +86876,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.scalecomputing.com/s/article/Apache-Log4j-Vulnerability - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://help.sonatype.com/docs/important-announcements/sonatype-product-log4j-vulnerability-status + notes: Sonatype uses logback as the default logging solution as opposed to log4j. + This means our software including Nexus Lifecycle, Nexus Firewall, Nexus Repository + OSS and Nexus Repository Pro in versions 2.x and 3.x are NOT affected by the + reported log4j vulnerabilities. We still advise keeping your software upgraded + at the latest version. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ScaleFusion MobileLock Pro - product: '' + last_updated: '2021-12-29T00:00:00' + - vendor: SonicWall + product: Access Points cves: cve-2021-4104: investigated: false @@ -80980,13 +86909,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mobilock.in/article/t9sx43yg44-scalefusion-security-advisory-for-apache-log-4-j-vulnerability-cve-2021-44228 - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the SonicWall Access Points references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Schneider Electric - product: EASYFIT + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Analytics cves: cve-2021-4104: investigated: false @@ -80994,9 +86923,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81010,13 +86938,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Ecoreal XL + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Analyzer cves: cve-2021-4104: investigated: false @@ -81024,9 +86952,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81040,13 +86967,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: EcoStruxure IT Expert + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Capture Client & Capture Client Portal cves: cve-2021-4104: investigated: false @@ -81054,10 +86981,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -81069,13 +86995,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the Capture Client. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: EcoStruxure IT Gateway + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Capture Security Appliance cves: cve-2021-4104: investigated: false @@ -81083,10 +87010,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - V1.5.0 to V1.13.0 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -81099,13 +87025,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ecostruxureit.com/download-and-set-upecostruxureit-gateway/ - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the Capture Security appliance. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Eurotherm Data Reviewer + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: CAS cves: cve-2021-4104: investigated: false @@ -81113,9 +87039,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - V3.0.2 and prior + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81129,13 +87054,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Facility Expert Small Business + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Email Security cves: cve-2021-4104: investigated: false @@ -81143,10 +87068,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -81159,13 +87083,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: ES 10.0.11 and earlier versions are impacted references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: MSE + last_updated: '2021-12-17T00:00:00' + - vendor: SonicWall + product: Gen5 Firewalls (EOS) cves: cve-2021-4104: investigated: false @@ -81173,9 +87097,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81189,13 +87112,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the appliance. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: NetBotz750/755 + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Gen6 Firewalls cves: cve-2021-4104: investigated: false @@ -81203,9 +87126,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Software versions 5.0 through 5.3.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81219,13 +87141,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the appliance. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: NEW630 + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Gen7 Firewalls cves: cve-2021-4104: investigated: false @@ -81233,9 +87155,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81249,13 +87170,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the appliance. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK BOM + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: GMS cves: cve-2021-4104: investigated: false @@ -81263,9 +87184,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81279,13 +87199,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK-Docgen + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: MSW cves: cve-2021-4104: investigated: false @@ -81293,9 +87213,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81309,13 +87228,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Mysonicwall service doesn't use Log4j references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK-TNC + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: NSM cves: cve-2021-4104: investigated: false @@ -81323,9 +87242,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81339,13 +87257,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: NSM On-Prem and SaaS doesn't use a vulnerable version references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK-UMS + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: SMA 100 cves: cve-2021-4104: investigated: false @@ -81353,9 +87271,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81369,13 +87286,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the SMA100 appliance. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK3D2DRenderer + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: SMA 1000 cves: cve-2021-4104: investigated: false @@ -81383,9 +87300,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81399,13 +87315,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Version 12.1.0 and 12.4.1 doesn't use a vulnerable version references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK3D360Widget + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: SonicCore cves: cve-2021-4104: investigated: false @@ -81413,9 +87329,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81429,13 +87344,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: SonicCore doesn't use a Log4j2 references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Select and Config DATA + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: SonicWall Switch cves: cve-2021-4104: investigated: false @@ -81443,9 +87358,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81459,13 +87373,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the SonicWall Switch. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SNC-API + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: WAF cves: cve-2021-4104: investigated: false @@ -81473,9 +87387,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81489,13 +87402,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SNC-CMM + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: WNM cves: cve-2021-4104: investigated: false @@ -81503,9 +87416,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81519,13 +87431,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the WNM. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SNCSEMTECH + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: WXA cves: cve-2021-4104: investigated: false @@ -81533,9 +87445,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81549,13 +87460,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: WXA doesn't use a vulnerable version references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SPIMV3 + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Cloud Optix cves: cve-2021-4104: investigated: false @@ -81563,9 +87474,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81579,13 +87489,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Users may have noticed a brief outage around 12:30 GMT as updates were + deployed. There was no evidence that the vulnerability was exploited and to + our knowledge no customers are impacted. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SWBEditor + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Reflexion cves: cve-2021-4104: investigated: false @@ -81593,9 +87505,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81609,13 +87520,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Reflexion does not run an exploitable configuration. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SWBEngine + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: SG UTM (all versions) cves: cve-2021-4104: investigated: false @@ -81623,9 +87534,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81639,13 +87549,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos SG UTM does not use Log4j. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Wiser by SE platform + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: SG UTM Manager (SUM) (all versions) cves: cve-2021-4104: investigated: false @@ -81655,9 +87565,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Cloud - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -81668,13 +87578,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: SUM does not use Log4j. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schweitzer Engineering Laboratories - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Central cves: cve-2021-4104: investigated: false @@ -81697,13 +87608,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://selinc.com/support/security-notifications/ - notes: '' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos Central does not run an exploitable configuration. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: SCM Manager - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Firewall (all versions) cves: cve-2021-4104: investigated: false @@ -81726,13 +87637,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://scm-manager.org/blog/posts/2021-12-13-log4shell/ - notes: '' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos Firewall does not use Log4j. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ScreenBeam - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Home cves: cve-2021-4104: investigated: false @@ -81755,13 +87666,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://customersupport.screenbeam.com/hc/en-us/articles/4416468085389-December-2021-Security-Alert-Log4j-CVE-2021-44228 - notes: '' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos Home does not use Log4j. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SDL worldServer - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Mobile cves: cve-2021-4104: investigated: false @@ -81784,13 +87695,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://gateway.sdl.com/apex/communityknowledge?articleName=000017707 - notes: '' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos Mobile (in Central, SaaS, and on-premises) does not run an exploitable + configuration. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Seagull Scientific - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Mobile EAS Proxy cves: cve-2021-4104: investigated: false @@ -81798,8 +87710,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - < 9.7.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81813,13 +87726,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.seagullscientific.com/hc/en-us/articles/4415794235543-Apache-Log4Shell-Vulnerability - notes: '' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: The Sophos Mobile EAS Proxy, running in Traffic Mode, is affected. Customers + will need to download and install version 9.7.2, available from Monday December + 13, 2021, on the same machine where it is currently running. PowerShell mode + is not affected. Customers can download the Standalone EAS Proxy Installer version + 9.7.2 from the Sophos website. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SecurePoint - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos ZTNA cves: cve-2021-4104: investigated: false @@ -81842,12 +87759,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securepoint.de/news/details/sicherheitsluecke-log4j-securepoint-loesungen-nicht-betroffen.html - notes: '' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos ZTNA does not use Log4j. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Security Onion + last_updated: '2021-12-12T00:00:00' + - vendor: SOS Berlin product: '' cves: cve-2021-4104: @@ -81871,13 +87788,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html + - https://www.sos-berlin.com/en/news-mitigation-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Securonix - product: Extended Detection and Response (XDR) + - vendor: Spacelabs Healthcare + product: ABP cves: cve-2021-4104: investigated: false @@ -81886,10 +87803,12 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - OnTrak + - 90217A + - and 90207 cve-2021-45046: investigated: false affected_versions: [] @@ -81901,13 +87820,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Securonix - product: Next Gen SIEM + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: CardioExpress cves: cve-2021-4104: investigated: false @@ -81916,10 +87835,12 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - SL6A + - SL12A + - and SL18A cve-2021-45046: investigated: false affected_versions: [] @@ -81931,13 +87852,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Securonix - product: Security Analytics and Operations Platform (SOAR) + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: DM3 and DM4 Monitors cves: cve-2021-4104: investigated: false @@ -81945,9 +87866,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81961,13 +87881,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Securonix - product: SNYPR Application + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Eclipse Pro cves: cve-2021-4104: investigated: false @@ -81990,13 +87910,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-OnPrem-Customer-Update.pdf + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Securonix - product: User and Entity Behavior Analytics(UEBA) + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: EVO cves: cve-2021-4104: investigated: false @@ -82004,9 +87924,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82020,13 +87939,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Seeburger - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Intesys Clinical Suite (ICS) cves: cve-2021-4104: investigated: false @@ -82049,14 +87968,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://servicedesk.seeburger.de/portal/en-US/Knowledge/Article/?defId=101040&id=25486312&COMMAND=Open - notes: This advisory is available to customers only and has not been reviewed - by CISA. + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SentinelOne - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Intesys Clinical Suite (ICS) Clinical Access Workstations cves: cve-2021-4104: investigated: false @@ -82079,13 +87997,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sentinelone.com/blog/cve-2021-44228-staying-secure-apache-log4j-vulnerability/ + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Sentry - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Lifescreen Pro cves: cve-2021-4104: investigated: false @@ -82108,13 +88026,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.sentry.io/2021/12/15/sentrys-response-to-log4j-vulnerability-cve-2021-44228 + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SEP - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Pathfinder SL cves: cve-2021-4104: investigated: false @@ -82137,13 +88055,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.sep.de/otrs/public.pl?Action=PublicFAQZoom;ItemID=132 + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Server Eye - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Qube cves: cve-2021-4104: investigated: false @@ -82151,10 +88069,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91390' cve-2021-45046: investigated: false affected_versions: [] @@ -82166,13 +88085,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.server-eye.de/blog/sicherheitsluecke-log4j-server-eye-systeme-sind-nicht-betroffen/ + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ServiceNow - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Qube Mini cves: cve-2021-4104: investigated: false @@ -82180,10 +88099,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91389' cve-2021-45046: investigated: false affected_versions: [] @@ -82195,13 +88115,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959 + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Shibboleth - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: SafeNSound cves: cve-2021-4104: investigated: false @@ -82209,9 +88129,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -82224,13 +88145,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://shibboleth.net/pipermail/announce/2021-December/000253.html - notes: '' + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: Version >4.3.1 - Not Affected references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Shibboleth - product: All Products + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Sentinel cves: cve-2021-4104: investigated: false @@ -82238,12 +88159,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Identity Provider>=3.0 - - All other software versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -82255,13 +88174,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://shibboleth.net/pipermail/announce/2021-December/000253.html + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Shopify - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Spacelabs Cloud cves: cve-2021-4104: investigated: false @@ -82284,13 +88203,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.shopify.com/c/technical-q-a/is-shopify-affected-by-the-log4j-vulnerability/td-p/1417625 + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Siebel - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Ultraview SL cves: cve-2021-4104: investigated: false @@ -82298,10 +88217,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91367' + - '91369' + - '91370' + - and 91387 cve-2021-45046: investigated: false affected_versions: [] @@ -82313,13 +88236,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siebelhub.com/main/2021/12/log4j-vulnerability-cve-2021-44228-and-siebel-crm.html + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Siemens - product: Affected Products + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Xhibit Telemetry Receiver (XTR) cves: cve-2021-4104: investigated: false @@ -82327,10 +88250,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '96280' cve-2021-45046: investigated: false affected_versions: [] @@ -82342,14 +88266,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens - product: Affected Products + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Xhibit, XC4 cves: cve-2021-4104: investigated: false @@ -82357,10 +88280,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Xhibit 96102 + - XC4 96501 cve-2021-45046: investigated: false affected_versions: [] @@ -82372,14 +88297,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Siemens Energy - product: Affected Products + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: XprezzNet cves: cve-2021-4104: investigated: false @@ -82387,10 +88311,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '96190' cve-2021-45046: investigated: false affected_versions: [] @@ -82402,14 +88327,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Siemens Energy - product: Affected Products + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Xprezzon cves: cve-2021-4104: investigated: false @@ -82417,10 +88341,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91393' cve-2021-45046: investigated: false affected_versions: [] @@ -82432,14 +88357,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Siemens Energy - product: Affected Products + last_updated: '2022-01-05T00:00:00' + - vendor: Spambrella + product: '' cves: cve-2021-4104: investigated: false @@ -82462,14 +88386,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' + - https://www.spambrella.com/faq/status-of-spambrella-products-with-cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Siemens Healthineers - product: ATELLICA DATA MANAGER v1.1.1 / v1.2.1 / v1.3.1 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Spigot + product: '' cves: cve-2021-4104: investigated: false @@ -82492,15 +88415,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: If you have determined that your Atellica Data Manager has a “Java communication - engine” service, and you require an immediate mitigation, then please contact - your Siemens Customer Care Center or your local Siemens technical support representative. + - https://www.spigotmc.org/threads/spigot-security-releases-%E2%80%94-1-8-8%E2%80%931-18.537204/ + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: CENTRALINK v16.0.2 / v16.0.3 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Splunk + product: Data Stream Processor cves: cve-2021-4104: investigated: false @@ -82508,8 +88429,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - DSP 1.0.x + - DSP 1.1.x + - DSP 1.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82523,15 +88447,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: If you have determined that your CentraLink has a “Java communication engine” - service, and you require a mitigation, then please contact your Siemens Customer - Care Center or your local Siemens technical support representative. + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Cios Flow S1 / Alpha / Spin VA30 + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: IT Essentials Work [App ID 5403](https://splunkbase.splunk.com/app/5403/) cves: cve-2021-4104: investigated: false @@ -82539,8 +88461,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '4.11' + - 4.10.x (Cloud only) + - 4.9.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82554,13 +88479,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Cios Select FD/I.I. VA21 / VA21-S3P + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: IT Service Intelligence (ITSI) [App ID 1841](https://splunkbase.splunk.com/app/1841/) cves: cve-2021-4104: investigated: false @@ -82568,8 +88493,15 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.11.0 + - 4.10.x (Cloud only) + - 4.9.x + - 4.8.x (Cloud only) + - 4.7.x + - 4.6.x + - 4.5.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82583,13 +88515,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: DICOM Proxy VB10A + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Add-On for Java Management Extensions [App ID 2647](https://splunkbase.splunk.com/app/2647) cves: cve-2021-4104: investigated: false @@ -82597,8 +88529,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 5.2.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82612,13 +88545,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.All, Som10 VA20 / VA30 / VA40 + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Add-On for Tomcat [App ID 2911](https://splunkbase.splunk.com/app/2911/) cves: cve-2021-4104: investigated: false @@ -82626,8 +88559,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.0.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82641,14 +88575,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Fit, Som10 VA30 + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Application Performance Monitoring cves: cve-2021-4104: investigated: false @@ -82656,8 +88589,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82671,14 +88605,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Now, Som10 VA10 / VA20 / VA30 / VA40 + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Connect for Kafka cves: cve-2021-4104: investigated: false @@ -82686,8 +88619,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions prior to 2.0.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82701,14 +88635,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Open Pro, Som10 VA30 / VA40 + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Enterprise (including instance types like Heavy Forwarders) cves: cve-2021-4104: investigated: false @@ -82716,8 +88649,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All supported non-Windows versions of 8.1.x and 8.2.x only if DFS is used. + See Removing Log4j from Splunk Enterprise below for guidance on unsupported + versions. fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82731,14 +88667,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Sim, Som10 VA30 / VA40 + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Enterprise Amazon Machine Image (AMI) cves: cve-2021-4104: investigated: false @@ -82746,8 +88681,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - See Splunk Enterprise fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82761,14 +88697,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Top, Som10 VA20 / VA20A_SP5 / VA30 / VA40 + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Enterprise Docker Container cves: cve-2021-4104: investigated: false @@ -82776,8 +88711,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - See Splunk Enterprise fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82791,14 +88727,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Up, Som10 VA10 / VA20 / VA30 / VA40 + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Infrastructure Monitoring cves: cve-2021-4104: investigated: false @@ -82806,8 +88741,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82821,15 +88757,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM AERA 1,5T, MAGNETOM PRISMA, MAGNETOM PRISMA FIT, MAGNETOM SKYRA - 3T NUMARIS/X VA30A + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Log Observer cves: cve-2021-4104: investigated: false @@ -82837,8 +88771,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82852,15 +88787,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Altea NUMARIS/X VA20A + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Logging Library for Java cves: cve-2021-4104: investigated: false @@ -82868,8 +88801,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.11.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82883,16 +88817,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM ALTEA, MAGNETOM LUMINA, MAGNETOM SOLA, MAGNETOM VIDA NUMARIS/X - VA31A + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk On-call / VictorOps cves: cve-2021-4104: investigated: false @@ -82900,8 +88831,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82915,15 +88847,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Amira NUMARIS/X VA12M + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk OVA for VMWare [App ID 3216](https://splunkbase.splunk.com/app/3216/) cves: cve-2021-4104: investigated: false @@ -82931,8 +88861,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.0.3 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82946,15 +88877,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Free.Max NUMARIS/X VA40 + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk OVA for VMWare Metrics [App ID 5096](https://splunkbase.splunk.com/app/5096/) cves: cve-2021-4104: investigated: false @@ -82962,8 +88891,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.2.1 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82977,15 +88907,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Lumina NUMARIS/X VA20A + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Real User Monitoring cves: cve-2021-4104: investigated: false @@ -82993,8 +88921,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -83008,15 +88937,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Sempra NUMARIS/X VA12M + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Splunk Add-On for JBoss [App ID 2954](https://splunkbase.splunk.com/app/2954/) cves: cve-2021-4104: investigated: false @@ -83024,8 +88951,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.0.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -83039,15 +88967,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Sola fit NUMARIS/X VA20A + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Synthetics cves: cve-2021-4104: investigated: false @@ -83055,8 +88981,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -83070,15 +88997,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Sola NUMARIS/X VA20A + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk UBA OVA Software cves: cve-2021-4104: investigated: false @@ -83086,8 +89011,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 5.0.3a + - 5.0.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -83101,15 +89028,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Vida fit NUMARIS/X VA20A + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk VMWare OVA for ITSI [App ID 4760](https://splunkbase.splunk.com/app/4760/) cves: cve-2021-4104: investigated: false @@ -83117,8 +89042,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.1.1 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -83132,15 +89058,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Vida NUMARIS/X VA10A* / VA20A + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Sprecher Automation + product: '' cves: cve-2021-4104: investigated: false @@ -83163,15 +89087,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.sprecher-automation.com/en/it-security/security-alerts + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: SENSIS DMCC / DMCM / TS / VM / PPWS / DS VD12A + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Spring + product: Spring Boot cves: cve-2021-4104: investigated: false @@ -83194,13 +89116,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot + notes: Spring Boot users are only affected by this vulnerability if they have + switched the default logging system to Log4J2 references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Somatom Emotion Som5 VC50 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Spring Boot + product: '' cves: cve-2021-4104: investigated: false @@ -83223,13 +89146,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Somatom Scope Som5 VC50 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: StarDog + product: '' cves: cve-2021-4104: investigated: false @@ -83252,13 +89175,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://community.stardog.com/t/stardog-7-8-1-available/3411 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: STERIS + product: Advantage cves: cve-2021-4104: investigated: false @@ -83281,13 +89204,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Syngo MobileViewer VA10A + - vendor: STERIS + product: Advantage Plus cves: cve-2021-4104: investigated: false @@ -83310,14 +89233,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: The vulnerability will be patch/mitigated in upcoming releases\patches. + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 - / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 + - vendor: STERIS + product: AMSCO 2000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -83340,14 +89262,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 - - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 + - vendor: STERIS + product: AMSCO 3000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -83370,16 +89291,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: Please contact your Customer Service to get support on mitigating the vulnerability. + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 - - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B - / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 - / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 + - vendor: STERIS + product: AMSCO 400 MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -83402,13 +89320,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: syngo.via WebViewer VA13B / VA20A / VA20B + - vendor: STERIS + product: AMSCO 400 SMALL STEAM STERILIZERS cves: cve-2021-4104: investigated: false @@ -83431,13 +89349,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: X.Ceed Somaris 10 VA40* + - vendor: STERIS + product: AMSCO 5000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -83460,14 +89378,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: X.Cite Somaris 10 VA30*/VA40* + - vendor: STERIS + product: AMSCO 600 MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -83490,14 +89407,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Sierra Wireless - product: '' + - vendor: STERIS + product: AMSCO 7000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -83520,13 +89436,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/ + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Sierra Wireless - product: AirVantage and Octave cloud platforms + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO CENTURY MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -83549,14 +89465,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs - notes: These systems do not operate with the specific non-standard configuration - required for CVE-2021-25046 and hence were not vulnerable to it. + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Sierra Wireless - product: AM/AMM servers + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO CENTURY SMALL STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -83579,13 +89494,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Signald - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO EAGLE 3000 SERIES STAGE 3 STEAM STERILIZERS cves: cve-2021-4104: investigated: false @@ -83608,13 +89523,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://gitlab.com/signald/signald/-/issues/259 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Silver Peak - product: Orchestrator, Silver Peak GMS + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO EVOLUTION FLOOR LOADER STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -83637,16 +89552,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.arubanetworks.com/website/techdocs/sdwan/docs/advisories/media/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf - notes: Customer managed Orchestrator and legacy GMS products are affected by this - vulnerability. This includes on-premise and customer managed instances running - in public cloud services such as AWS, Azure, Google, or Oracle Cloud. See Corrective - Action Required for details about how to mitigate this exploit. + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: SingleWire - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO EVOLUTION MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -83669,14 +89581,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.singlewire.com/s/article/Apache-Log4j2-vulnerability-CVE-2021-44228 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SISCO - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: Canexis 1.0 cves: cve-2021-4104: investigated: false @@ -83699,13 +89610,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sisconet.com/sisco-news/log4j/ + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Sitecore - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: CELERITY HP INCUBATOR cves: cve-2021-4104: investigated: false @@ -83728,13 +89639,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001391 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Skillable - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: CELERITY STEAM INCUBATOR cves: cve-2021-4104: investigated: false @@ -83757,13 +89668,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://skillable.com/log4shell/ + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SLF4J - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: CER Optima cves: cve-2021-4104: investigated: false @@ -83786,43 +89697,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://slf4j.org/log4shell.html - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Slurm - product: Slurm - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 20.11.8 - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://slurm.schedmd.com/documentation.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: SMA Solar Technology AG - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: Clarity Software cves: cve-2021-4104: investigated: false @@ -83845,13 +89726,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://files.sma.de/downloads/HK_Log4j-en-10.pdf?_ga=2.237963714.352491368.1640298543-2015796445.1640298540 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: SmartBear - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: Connect Software cves: cve-2021-4104: investigated: false @@ -83874,13 +89755,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://smartbear.com/security/cve-2021-44228/ + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SmileCDR - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: ConnectAssure Technology cves: cve-2021-4104: investigated: false @@ -83903,13 +89784,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Sn0m - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: ConnectoHIS cves: cve-2021-4104: investigated: false @@ -83932,13 +89813,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.snom.com/en/press/log4j-poses-no-threat-snom-phones/ + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Snakemake - product: Snakemake + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: CS-iQ Sterile Processing Workflow cves: cve-2021-4104: investigated: false @@ -83946,11 +89827,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 6.12.1 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -83962,13 +89842,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://snakemake.readthedocs.io/en/stable/ + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Snow Software - product: Snow Commander + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: DSD Edge cves: cve-2021-4104: investigated: false @@ -83976,10 +89856,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 8.1 to 8.10.2 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -83992,13 +89871,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.snowsoftware.com/s/feed/0D5690000B4U6hUCQS + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Snow Software - product: VM Access Proxy + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: DSD-201, cves: cve-2021-4104: investigated: false @@ -84006,10 +89885,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - v3.1 to v3.6 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -84022,13 +89900,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.snowsoftware.com/s/feed/0D5690000B4U6hUCQS + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Snowflake - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: EndoDry cves: cve-2021-4104: investigated: false @@ -84051,13 +89929,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.snowflake.com/s/article/No-Snowflake-exposure-to-Apache-Log4j-vulnerability-CVE-2021-44228 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Snyk - product: Cloud Platform + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: Endora cves: cve-2021-4104: investigated: false @@ -84080,13 +89958,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://updates.snyk.io/snyk%27s-cloud-platform-all-clear-from-log4j-exploits-216499 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Software AG - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: Harmony iQ Integration Systems cves: cve-2021-4104: investigated: false @@ -84109,13 +89987,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tech.forums.softwareag.com/t/log4j-zero-day-vulnerability/253849 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SolarWinds - product: Database Performance Analyzer (DPA) + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: Harmony iQ Perspectives Image Management System cves: cve-2021-4104: investigated: false @@ -84123,11 +90001,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 2021.1.x - - 2021.3.x - - 2022.1.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -84141,13 +90016,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 - notes: 'For more information, please see the following KB article: [link](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US)' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: SolarWinds - product: Orion Platform + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: HexaVue cves: cve-2021-4104: investigated: false @@ -84170,13 +90045,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: SolarWinds - product: Server & Application Monitor (SAM) + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: HexaVue Integration System cves: cve-2021-4104: investigated: false @@ -84184,9 +90059,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - SAM 2020.2.6 and later + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -84200,14 +90074,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 - notes: 'For more information, please see the following KB article for the latest - details specific to the SAM hotfix: [link](https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US)' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: SonarSource - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: IDSS Integration System cves: cve-2021-4104: investigated: false @@ -84230,13 +90103,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Sonatype - product: All Products + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: RapidAER cves: cve-2021-4104: investigated: false @@ -84244,11 +90117,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -84260,17 +90132,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.sonatype.com/docs/important-announcements/sonatype-product-log4j-vulnerability-status - notes: Sonatype uses logback as the default logging solution as opposed to log4j. - This means our software including Nexus Lifecycle, Nexus Firewall, Nexus Repository - OSS and Nexus Repository Pro in versions 2.x and 3.x are NOT affected by the - reported log4j vulnerabilities. We still advise keeping your software upgraded - at the latest version. + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-29T00:00:00' - - vendor: SonicWall - product: Access Points + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: ReadyTracker cves: cve-2021-4104: investigated: false @@ -84293,13 +90161,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the SonicWall Access Points + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Analytics + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: RealView Visual Workflow Management System cves: cve-2021-4104: investigated: false @@ -84322,13 +90190,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Analyzer + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: RELIANCE 444 WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -84351,13 +90219,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Capture Client & Capture Client Portal + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: RELIANCE SYNERGY WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -84380,13 +90248,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the Capture Client. + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Capture Security Appliance + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: RELIANCE VISION 1300 SERIES CART AND UTENSIL WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -84409,13 +90277,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the Capture Security appliance. + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: CAS + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: RELIANCE VISION MULTI- CHAMBER WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -84438,13 +90306,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Email Security + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: RELIANCE VISION SINGLE CHAMBER WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -84467,13 +90335,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: ES 10.0.11 and earlier versions are impacted + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: SonicWall - product: Gen5 Firewalls (EOS) + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: Renatron cves: cve-2021-4104: investigated: false @@ -84496,13 +90364,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the appliance. + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Gen6 Firewalls + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: ScopeBuddy+ cves: cve-2021-4104: investigated: false @@ -84525,13 +90393,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the appliance. + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Gen7 Firewalls + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: SecureCare ProConnect Technical Support Services cves: cve-2021-4104: investigated: false @@ -84554,13 +90422,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the appliance. + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: GMS + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: Situational Awareness for Everyone Display (S.A.F.E.) cves: cve-2021-4104: investigated: false @@ -84583,13 +90451,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: MSW + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: SPM Surgical Asset Tracking Software cves: cve-2021-4104: investigated: false @@ -84612,13 +90480,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Mysonicwall service doesn't use Log4j + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: NSM + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: SYSTEM 1 endo LIQUID CHEMICAL STERILANT PROCESSING SYSTEM cves: cve-2021-4104: investigated: false @@ -84641,13 +90509,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: NSM On-Prem and SaaS doesn't use a vulnerable version + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: SMA 100 + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: V-PRO 1 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -84670,13 +90538,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the SMA100 appliance. + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: SMA 1000 + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: V-PRO 1 PLUS LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -84699,13 +90567,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Version 12.1.0 and 12.4.1 doesn't use a vulnerable version + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: SonicCore + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: V-PRO MAX 2 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -84728,13 +90596,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: SonicCore doesn't use a Log4j2 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: SonicWall Switch + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: V-PRO MAX LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -84757,13 +90625,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the SonicWall Switch. + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: WAF + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: V-PRO S2 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -84786,13 +90654,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: WNM + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: VERIFY INCUBATOR FOR ASSERT SELF-CONTAINED BIOLOGICAL INDICATORS cves: cve-2021-4104: investigated: false @@ -84815,13 +90683,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the WNM. + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: WXA + last_updated: '2021-12-22T00:00:00' + - vendor: Sterling Order IBM + product: '' cves: cve-2021-4104: investigated: false @@ -84844,13 +90712,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: WXA doesn't use a vulnerable version + - https://www.ibm.com/support/pages/node/6525544 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Cloud Optix + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Storagement + product: '' cves: cve-2021-4104: investigated: false @@ -84873,15 +90741,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Users may have noticed a brief outage around 12:30 GMT as updates were - deployed. There was no evidence that the vulnerability was exploited and to - our knowledge no customers are impacted. + - https://www.storagement.de/index.php?action=topicofthemonth&site=log4j + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Reflexion + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: StormShield + product: '' cves: cve-2021-4104: investigated: false @@ -84904,13 +90770,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Reflexion does not run an exploitable configuration. + - https://www.stormshield.com/news/log4shell-security-alert-stormshield-product-response/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: SG UTM (all versions) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: StrangeBee TheHive & Cortex + product: '' cves: cve-2021-4104: investigated: false @@ -84933,43 +90799,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos SG UTM does not use Log4j. - references: - - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: SG UTM Manager (SUM) (all versions) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All versions - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: SUM does not use Log4j. + - https://blog.strangebee.com/apache-log4j-cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Central + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Stratodesk + product: '' cves: cve-2021-4104: investigated: false @@ -84992,13 +90828,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos Central does not run an exploitable configuration. + - http://cdn.stratodesk.com/repository/notouch-center/10/4.5.231/0/ReleaseNotes-Stratodesk-NoTouch_Center-4.5.231.html + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Firewall (all versions) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Strimzi + product: '' cves: cve-2021-4104: investigated: false @@ -85021,13 +90857,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos Firewall does not use Log4j. + - https://strimzi.io/blog/2021/12/14/strimzi-and-log4shell/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Home + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Stripe + product: '' cves: cve-2021-4104: investigated: false @@ -85050,13 +90886,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos Home does not use Log4j. + - https://support.stripe.com/questions/update-for-apache-log4j-vulnerability-(cve-2021-44228) + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Mobile + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Styra + product: '' cves: cve-2021-4104: investigated: false @@ -85079,14 +90915,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos Mobile (in Central, SaaS, and on-premises) does not run an exploitable - configuration. + - https://blog.styra.com/blog/newest-log4j-security-vulnerability-cve-2021-44228-log4shell + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Mobile EAS Proxy + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sumologic + product: '' cves: cve-2021-4104: investigated: false @@ -85094,9 +90929,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 9.7.2 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -85110,17 +90944,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: The Sophos Mobile EAS Proxy, running in Traffic Mode, is affected. Customers - will need to download and install version 9.7.2, available from Monday December - 13, 2021, on the same machine where it is currently running. PowerShell mode - is not affected. Customers can download the Standalone EAS Proxy Installer version - 9.7.2 from the Sophos website. + - https://docs.google.com/document/d/e/2PACX-1vSdeODZ2E5k0aZgHm06OJWhDQWgtxxB0ZIrTsuQjg5xaoxlogmTVGdOWoSFtDlZBdHzY6ET6k6Sk-g1/pub + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos ZTNA + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SumoLogic + product: '' cves: cve-2021-4104: investigated: false @@ -85143,12 +90973,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos ZTNA does not use Log4j. + - https://help.sumologic.com/Release-Notes/Collector-Release-Notes#december-11-2021-19-361-12 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SOS Berlin + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Superna EYEGLASS product: '' cves: cve-2021-4104: @@ -85172,13 +91002,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sos-berlin.com/en/news-mitigation-log4j-vulnerability + - https://manuals.supernaeyeglass.com/project-technical-advisories-all-products/HTML/technical-advisories.html#h2__1912345025 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Spacelabs Healthcare - product: ABP + - vendor: Suprema Inc + product: '' cves: cve-2021-4104: investigated: false @@ -85186,45 +91016,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - OnTrak - - 90217A - - and 90207 - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: '' - references: - - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: CardioExpress - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - SL6A - - SL12A - - and SL18A cve-2021-45046: investigated: false affected_versions: [] @@ -85236,13 +91031,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://www.supremainc.com/en/ notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: DM3 and DM4 Monitors + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SUSE + product: '' cves: cve-2021-4104: investigated: false @@ -85265,13 +91060,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://www.suse.com/c/suse-statement-on-log4j-log4shell-cve-2021-44228-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Eclipse Pro + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sweepwidget + product: '' cves: cve-2021-4104: investigated: false @@ -85294,13 +91089,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://sweepwidget.com/view/23032-v9f40ns1/4zow83-23032 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: EVO + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Swyx + product: '' cves: cve-2021-4104: investigated: false @@ -85323,13 +91118,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://service.swyx.net/hc/de/articles/4412323539474 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Intesys Clinical Suite (ICS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Synchro MSP + product: '' cves: cve-2021-4104: investigated: false @@ -85352,13 +91147,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://community.syncromsp.com/t/log4j-rce-cve-2021-4428/1350 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Intesys Clinical Suite (ICS) Clinical Access Workstations + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Syncplify + product: '' cves: cve-2021-4104: investigated: false @@ -85381,13 +91176,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://blog.syncplify.com/no-we-are-not-affected-by-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Lifescreen Pro + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Synology + product: '' cves: cve-2021-4104: investigated: false @@ -85410,13 +91205,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://www.synology.com/en-global/security/advisory/Synology_SA_21_30 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Pathfinder SL + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Synopsys + product: '' cves: cve-2021-4104: investigated: false @@ -85439,13 +91234,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://community.synopsys.com/s/article/SIG-Security-Advisory-for-Apache-Log4J2-CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Qube + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Syntevo + product: '' cves: cve-2021-4104: investigated: false @@ -85453,11 +91248,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91390' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -85469,13 +91263,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://www.syntevo.com/blog/?p=5240 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Qube Mini + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SysAid + product: '' cves: cve-2021-4104: investigated: false @@ -85483,11 +91277,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91389' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -85499,13 +91292,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://www.sysaid.com/lp/important-update-regarding-apache-log4j notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: SafeNSound + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sysdig + product: '' cves: cve-2021-4104: investigated: false @@ -85513,10 +91306,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 4.3.1 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -85529,13 +91321,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: Version >4.3.1 - Not Affected + - https://sysdig.com/blog/cve-critical-vulnerability-log4j/ + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Sentinel + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tableau + product: Tableau Bridge cves: cve-2021-4104: investigated: false @@ -85543,8 +91335,21 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'The following versions and lower: 20214.21.1109.1748' + - 20213.21.1112.1434 + - 20212.21.0818.1843 + - 20211.21.0617.1133 + - 20204.21.0217.1203 + - 20203.20.0913.2112 + - 20202.20.0721.1350 + - 20201.20.0614.2321 + - 20194.20.0614.2307 + - 20193.20.0614.2306 + - 20192.19.0917.1648 + - 20191.19.0402.1911 + - 20183.19.0115.1143 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -85558,13 +91363,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Spacelabs Cloud + last_updated: '2021-12-22T00:00:00' + - vendor: Tableau + product: Tableau Desktop cves: cve-2021-4104: investigated: false @@ -85572,8 +91377,21 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'The following versions and lower: 2021.4' + - 2021.3.4 + - 2021.2.5 + - 2021.1.8 + - 2020.4.11 + - 2020.3.14 + - 2020.2.19 + - 2020.1.22 + - 2019.4.25 + - 2019.3.26 + - 2019.2.29 + - 2019.1.29 + - 2018.3.29 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -85587,13 +91405,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Ultraview SL + last_updated: '2021-12-22T00:00:00' + - vendor: Tableau + product: Tableau Prep Builder cves: cve-2021-4104: investigated: false @@ -85602,13 +91420,22 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 'The following versions and lower: 22021.4.1' + - 2021.3.2 + - 2021.2.2 + - 2021.1.4 + - 2020.4.1 + - 2020.3.3 + - 2020.2.3 + - 2020.1.5 + - 2019.4.2 + - 2019.3.2 + - 2019.2.3 + - 2019.1.4 + - 2018.3.3 fixed_versions: [] - unaffected_versions: - - '91367' - - '91369' - - '91370' - - and 91387 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -85620,13 +91447,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Xhibit Telemetry Receiver (XTR) + last_updated: '2021-12-22T00:00:00' + - vendor: Tableau + product: Tableau Public Desktop Client cves: cve-2021-4104: investigated: false @@ -85635,10 +91462,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 'The following versions and lower: 2021.4' fixed_versions: [] - unaffected_versions: - - '96280' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -85650,13 +91477,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Xhibit, XC4 + last_updated: '2021-12-22T00:00:00' + - vendor: Tableau + product: Tableau Reader cves: cve-2021-4104: investigated: false @@ -85665,11 +91492,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 'The following versions and lower: 2021.4' fixed_versions: [] - unaffected_versions: - - Xhibit 96102 - - XC4 96501 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -85681,13 +91507,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: XprezzNet + last_updated: '2021-12-22T00:00:00' + - vendor: Tableau + product: Tableau Server cves: cve-2021-4104: investigated: false @@ -85696,10 +91522,22 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 'The following versions and lower: 2021.4' + - 2021.3.4 + - 2021.2.5 + - 2021.1.8 + - 2020.4.11 + - 2020.3.14 + - 2020.2.19 + - 2020.1.22 + - 2019.4.25 + - 2019.3.26 + - 2019.2.29 + - 2019.1.29 + - 2018.3.29 fixed_versions: [] - unaffected_versions: - - '96190' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -85711,13 +91549,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Xprezzon + last_updated: '2021-12-22T00:00:00' + - vendor: Talend + product: '' cves: cve-2021-4104: investigated: false @@ -85725,11 +91563,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91393' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -85741,13 +91578,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://jira.talendforge.org/browse/TCOMP-2054 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spambrella - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tanium + product: All cves: cve-2021-4104: investigated: false @@ -85755,10 +91592,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -85770,12 +91608,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spambrella.com/faq/status-of-spambrella-products-with-cve-2021-44228/ - notes: '' + - https://tanium.my.salesforce.com/sfc/p/#60000000IYkG/a/7V000000PeT8/8C98AHl7wP5_lpUwp3qmY5sSdwXx6wG6LE4gPYlxO8c + notes: Tanium does not use Log4j. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Spigot + last_updated: '2021-12-21T00:00:00' + - vendor: TealiumIQ product: '' cves: cve-2021-4104: @@ -85799,13 +91637,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spigotmc.org/threads/spigot-security-releases-%E2%80%94-1-8-8%E2%80%931-18.537204/ + - https://community.tealiumiq.com/t5/Announcements-Blog/Update-on-Log4j-Security-Vulnerability/ba-p/36824 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Splunk - product: Data Stream Processor + - vendor: TeamPasswordManager + product: '' cves: cve-2021-4104: investigated: false @@ -85813,11 +91651,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - DSP 1.0.x - - DSP 1.1.x - - DSP 1.2.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -85831,13 +91666,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://teampasswordmanager.com/blog/log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: IT Essentials Work [App ID 5403](https://splunkbase.splunk.com/app/5403/) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Teamviewer + product: '' cves: cve-2021-4104: investigated: false @@ -85845,11 +91680,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '4.11' - - 4.10.x (Cloud only) - - 4.9.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -85863,13 +91695,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://www.teamviewer.com/en/trust-center/security-bulletins/hotfix-log4j2-issue/ notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: IT Service Intelligence (ITSI) [App ID 1841](https://splunkbase.splunk.com/app/1841/) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tech Software + product: OneAegis (f/k/a IRBManager) cves: cve-2021-4104: investigated: false @@ -85878,16 +91710,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.11.0 - - 4.10.x (Cloud only) - - 4.9.x - - 4.8.x (Cloud only) - - 4.7.x - - 4.6.x - - 4.5.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -85899,13 +91725,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html - notes: '' + - https://support.techsoftware.com/hc/en-us/articles/4412825948179 + notes: OneAegis does not use Log4j. references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Add-On for Java Management Extensions [App ID 2647](https://splunkbase.splunk.com/app/2647) + last_updated: '2021-12-15T00:00:00' + - vendor: Tech Software + product: SMART cves: cve-2021-4104: investigated: false @@ -85914,10 +91740,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 5.2.0 and older + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -85929,13 +91755,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html - notes: '' + - https://support.techsoftware.com/hc/en-us/articles/4412825948179 + notes: SMART does not use Log4j. references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Add-On for Tomcat [App ID 2911](https://splunkbase.splunk.com/app/2911/) + last_updated: '2021-12-15T00:00:00' + - vendor: Tech Software + product: Study Binders cves: cve-2021-4104: investigated: false @@ -85944,10 +91770,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.0.0 and older + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -85959,13 +91785,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html - notes: '' + - https://support.techsoftware.com/hc/en-us/articles/4412825948179 + notes: Study Binders does not use Log4j. references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Application Performance Monitoring + last_updated: '2021-12-15T00:00:00' + - vendor: TechSmith + product: '' cves: cve-2021-4104: investigated: false @@ -85973,9 +91799,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -85989,13 +91814,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://support.techsmith.com/hc/en-us/articles/4416620527885?input_string=log4j notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Connect for Kafka + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Telestream + product: '' cves: cve-2021-4104: investigated: false @@ -86003,9 +91828,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions prior to 2.0.4 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -86019,13 +91843,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - http://www.telestream.net/telestream-support/Apache-Log4j2-Bulletin.htm notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Enterprise (including instance types like Heavy Forwarders) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tenable + product: Tenable.io / Nessus cves: cve-2021-4104: investigated: false @@ -86033,11 +91857,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All supported non-Windows versions of 8.1.x and 8.2.x only if DFS is used. - See Removing Log4j from Splunk Enterprise below for guidance on unsupported - versions. + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -86051,13 +91872,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html - notes: '' + - https://www.tenable.com/log4j + notes: None of Tenable’s products are running the version of Log4j vulnerable + to CVE-2021-44228 or CVE-2021-45046 at this time references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Enterprise Amazon Machine Image (AMI) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Thales + product: CADP/SafeNet Protect App (PA) - JCE cves: cve-2021-4104: investigated: false @@ -86065,9 +91887,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - See Splunk Enterprise + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -86081,13 +91902,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Enterprise Docker Container + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Application Data Protection (CADP) – CAPI.net & Net Core cves: cve-2021-4104: investigated: false @@ -86095,9 +91916,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - See Splunk Enterprise + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -86111,13 +91931,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Infrastructure Monitoring + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Batch Data Transformation (BDT) 2.3 cves: cve-2021-4104: investigated: false @@ -86125,9 +91945,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -86141,13 +91960,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Log Observer + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Cloud Key Manager (CCKM) Appliance cves: cve-2021-4104: investigated: false @@ -86155,9 +91974,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -86171,13 +91989,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Logging Library for Java + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Cloud Key Manager (CCKM) Embedded cves: cve-2021-4104: investigated: false @@ -86185,9 +92003,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 1.11.0 and older + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -86201,13 +92018,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk On-call / VictorOps + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Database Protection cves: cve-2021-4104: investigated: false @@ -86215,9 +92032,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -86231,13 +92047,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk OVA for VMWare [App ID 3216](https://splunkbase.splunk.com/app/3216/) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Manager cves: cve-2021-4104: investigated: false @@ -86245,9 +92061,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 4.0.3 and older + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -86261,13 +92076,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk OVA for VMWare Metrics [App ID 5096](https://splunkbase.splunk.com/app/5096/) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Transparent Encryption (CTE/VTE/CTE-U) cves: cve-2021-4104: investigated: false @@ -86275,9 +92090,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 4.2.1 and older + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -86291,13 +92105,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Real User Monitoring + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Vaulted Tokenization (CT-V) / SafeNet Tokenization Manager cves: cve-2021-4104: investigated: false @@ -86305,9 +92119,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -86321,13 +92134,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Splunk Add-On for JBoss [App ID 2954](https://splunkbase.splunk.com/app/2954/) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Vaultless Tokenization (CTS, CT-VL) cves: cve-2021-4104: investigated: false @@ -86335,9 +92148,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 3.0.0 and older + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -86351,13 +92163,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Synthetics + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust/SafeNet PDBCTL cves: cve-2021-4104: investigated: false @@ -86365,9 +92177,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -86381,13 +92192,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk UBA OVA Software + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Crypto Command Center (CCC) cves: cve-2021-4104: investigated: false @@ -86395,10 +92206,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 5.0.3a - - 5.0.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -86412,13 +92221,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk VMWare OVA for ITSI [App ID 4760](https://splunkbase.splunk.com/app/4760/) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Data Protection on Demand cves: cve-2021-4104: investigated: false @@ -86426,9 +92235,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 1.1.1 and older + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -86442,13 +92250,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Sprecher Automation - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Data Security Manager (DSM) cves: cve-2021-4104: investigated: false @@ -86471,13 +92279,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sprecher-automation.com/en/it-security/security-alerts + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Spring - product: Spring Boot + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: KeySecure cves: cve-2021-4104: investigated: false @@ -86500,14 +92308,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot - notes: Spring Boot users are only affected by this vulnerability if they have - switched the default logging system to Log4J2 + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Spring Boot - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Luna EFT cves: cve-2021-4104: investigated: false @@ -86530,13 +92337,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: StarDog - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Luna Network, PCIe, Luna USB HSM and backup devices cves: cve-2021-4104: investigated: false @@ -86559,13 +92366,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.stardog.com/t/stardog-7-8-1-available/3411 + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: STERIS - product: Advantage + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Luna SP cves: cve-2021-4104: investigated: false @@ -86588,13 +92395,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Advantage Plus + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: payShield Monitor cves: cve-2021-4104: investigated: false @@ -86617,13 +92424,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO 2000 SERIES WASHER DISINFECTORS + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: ProtectServer HSMs cves: cve-2021-4104: investigated: false @@ -86646,13 +92453,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO 3000 SERIES WASHER DISINFECTORS + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet Authentication Client cves: cve-2021-4104: investigated: false @@ -86675,13 +92482,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO 400 MEDIUM STEAM STERILIZER + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet eToken (all products) cves: cve-2021-4104: investigated: false @@ -86704,13 +92511,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO 400 SMALL STEAM STERILIZERS + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet IDPrime Virtual cves: cve-2021-4104: investigated: false @@ -86733,13 +92540,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO 5000 SERIES WASHER DISINFECTORS + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet IDPrime(all products) cves: cve-2021-4104: investigated: false @@ -86762,13 +92569,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO 600 MEDIUM STEAM STERILIZER + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet LUKS cves: cve-2021-4104: investigated: false @@ -86791,13 +92598,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO 7000 SERIES WASHER DISINFECTORS + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet PKCS#11 and TDE cves: cve-2021-4104: investigated: false @@ -86820,13 +92627,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO CENTURY MEDIUM STEAM STERILIZER + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet ProtectApp (PA) CAPI, .Net & Net Core cves: cve-2021-4104: investigated: false @@ -86849,13 +92656,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO CENTURY SMALL STEAM STERILIZER + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet ProtectDB (PDB) cves: cve-2021-4104: investigated: false @@ -86878,13 +92685,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO EAGLE 3000 SERIES STAGE 3 STEAM STERILIZERS + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Safenet ProtectFile and ProtectFile- Fuse cves: cve-2021-4104: investigated: false @@ -86907,13 +92714,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO EVOLUTION FLOOR LOADER STEAM STERILIZER + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet ProtectV cves: cve-2021-4104: investigated: false @@ -86936,13 +92743,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO EVOLUTION MEDIUM STEAM STERILIZER + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet SQL EKM cves: cve-2021-4104: investigated: false @@ -86965,13 +92772,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Canexis 1.0 + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet Transform Utility (TU) cves: cve-2021-4104: investigated: false @@ -86994,13 +92801,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: CELERITY HP INCUBATOR + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet Trusted Access (STA) cves: cve-2021-4104: investigated: false @@ -87023,13 +92830,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: CELERITY STEAM INCUBATOR + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet Vaultless Tokenization cves: cve-2021-4104: investigated: false @@ -87052,13 +92859,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: CER Optima + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SAS on Prem (SPE/PCE) cves: cve-2021-4104: investigated: false @@ -87081,13 +92888,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Clarity Software + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel Connect cves: cve-2021-4104: investigated: false @@ -87110,13 +92917,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Connect Software + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel EMS Enterprise aaS cves: cve-2021-4104: investigated: false @@ -87139,13 +92946,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: ConnectAssure Technology + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel EMS Enterprise OnPremise cves: cve-2021-4104: investigated: false @@ -87168,13 +92975,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: ConnectoHIS + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel Envelope cves: cve-2021-4104: investigated: false @@ -87197,13 +93004,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: CS-iQ Sterile Processing Workflow + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel ESDaaS cves: cve-2021-4104: investigated: false @@ -87226,13 +93033,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: DSD Edge + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel HASP, Legacy dog, Maze, Hardlock cves: cve-2021-4104: investigated: false @@ -87255,13 +93062,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: DSD-201, + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel LDK EMS (LDK-EMS) cves: cve-2021-4104: investigated: false @@ -87284,13 +93091,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: EndoDry + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel LDKaas (LDK-EMS) cves: cve-2021-4104: investigated: false @@ -87313,13 +93120,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Endora + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel Professional Services components (both Thales hosted & hosted + on-premises by customers) cves: cve-2021-4104: investigated: false @@ -87342,13 +93150,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Harmony iQ Integration Systems + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel RMS cves: cve-2021-4104: investigated: false @@ -87371,13 +93179,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Harmony iQ Perspectives Image Management System + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel SCL cves: cve-2021-4104: investigated: false @@ -87400,13 +93208,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: HexaVue + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel Superdog, SuperPro, UltraPro, SHK cves: cve-2021-4104: investigated: false @@ -87429,13 +93237,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: HexaVue Integration System + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel Up cves: cve-2021-4104: investigated: false @@ -87458,13 +93266,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: IDSS Integration System + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Thales Data Platform (TDP)(DDC) cves: cve-2021-4104: investigated: false @@ -87487,13 +93295,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RapidAER + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Thales payShield 10k cves: cve-2021-4104: investigated: false @@ -87516,13 +93324,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: ReadyTracker + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Thales payShield 9000 cves: cve-2021-4104: investigated: false @@ -87545,13 +93353,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RealView Visual Workflow Management System + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Thales payShield Manager cves: cve-2021-4104: investigated: false @@ -87574,13 +93382,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RELIANCE 444 WASHER DISINFECTOR + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Vormetirc Key Manager (VKM) cves: cve-2021-4104: investigated: false @@ -87603,13 +93411,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RELIANCE SYNERGY WASHER DISINFECTOR + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Vormetric Application Encryption (VAE) cves: cve-2021-4104: investigated: false @@ -87632,13 +93440,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RELIANCE VISION 1300 SERIES CART AND UTENSIL WASHER DISINFECTORS + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Vormetric Protection for Terradata Database (VPTD) cves: cve-2021-4104: investigated: false @@ -87661,13 +93469,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RELIANCE VISION MULTI- CHAMBER WASHER DISINFECTOR + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Vormetric Tokenization Server (VTS) cves: cve-2021-4104: investigated: false @@ -87690,13 +93498,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RELIANCE VISION SINGLE CHAMBER WASHER DISINFECTOR + last_updated: '2021-12-17T00:00:00' + - vendor: Thermo Fisher Scientific + product: '' cves: cve-2021-4104: investigated: false @@ -87719,13 +93527,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://corporate.thermofisher.com/us/en/index/about/information-security/Protecting-Our-Products.html notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Renatron + - vendor: Thermo-Calc + product: Thermo-Calc cves: cve-2021-4104: investigated: false @@ -87733,10 +93541,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2022a cve-2021-45046: investigated: false affected_versions: [] @@ -87748,13 +93557,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf - notes: '' + - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ + notes: Use the program as normal, Install the 2022a patch when available references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: ScopeBuddy+ + - vendor: Thermo-Calc + product: Thermo-Calc cves: cve-2021-4104: investigated: false @@ -87762,10 +93571,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2021b cve-2021-45046: investigated: false affected_versions: [] @@ -87777,13 +93587,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf - notes: '' + - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ + notes: Use the program as normal references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: SecureCare ProConnect Technical Support Services + - vendor: Thermo-Calc + product: Thermo-Calc cves: cve-2021-4104: investigated: false @@ -87791,10 +93601,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2018b to 2021a cve-2021-45046: investigated: false affected_versions: [] @@ -87806,13 +93617,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf - notes: '' + - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ + notes: Use the program as normal, delete the Log4j 2 files in the program installation + if required, see advisory for instructions. references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Situational Awareness for Everyone Display (S.A.F.E.) + - vendor: Thermo-Calc + product: Thermo-Calc cves: cve-2021-4104: investigated: false @@ -87820,10 +93632,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 2018a and earlier + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ + notes: Use the program as normal + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Thomson Reuters + product: HighQ Appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - <3.5 + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -87835,13 +93678,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf - notes: '' + - https://highqsolutions.zendesk.com + notes: Reported by vendor - Documentation is in vendor's client portal (login + required). This advisory is available to customer only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: SPM Surgical Asset Tracking Software + last_updated: '2021-12-20T00:00:00' + - vendor: ThreatLocker + product: '' cves: cve-2021-4104: investigated: false @@ -87864,13 +93709,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://threatlocker.kb.help/log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: SYSTEM 1 endo LIQUID CHEMICAL STERILANT PROCESSING SYSTEM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ThycoticCentrify + product: Account Lifecycle Manager cves: cve-2021-4104: investigated: false @@ -87878,10 +93723,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -87893,13 +93739,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: V-PRO 1 LOW TEMPERATURE STERILIZATION SYSTEM + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Cloud Suite cves: cve-2021-4104: investigated: false @@ -87907,10 +93753,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -87922,13 +93769,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: V-PRO 1 PLUS LOW TEMPERATURE STERILIZATION SYSTEM + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Connection Manager cves: cve-2021-4104: investigated: false @@ -87936,10 +93783,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -87951,13 +93799,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: V-PRO MAX 2 LOW TEMPERATURE STERILIZATION SYSTEM + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: DevOps Secrets Vault cves: cve-2021-4104: investigated: false @@ -87965,10 +93813,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -87980,13 +93829,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: V-PRO MAX LOW TEMPERATURE STERILIZATION SYSTEM + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Password Reset Server cves: cve-2021-4104: investigated: false @@ -87994,10 +93843,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -88009,13 +93859,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: V-PRO S2 LOW TEMPERATURE STERILIZATION SYSTEM + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Privilege Manager cves: cve-2021-4104: investigated: false @@ -88023,10 +93873,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -88038,13 +93889,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: VERIFY INCUBATOR FOR ASSERT SELF-CONTAINED BIOLOGICAL INDICATORS + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Privileged Behavior Analytics cves: cve-2021-4104: investigated: false @@ -88052,10 +93903,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -88067,13 +93919,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Sterling Order IBM - product: '' + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Secret Server cves: cve-2021-4104: investigated: false @@ -88081,10 +93933,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -88096,13 +93949,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/support/pages/node/6525544 + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Storagement - product: '' + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Server Suite cves: cve-2021-4104: investigated: false @@ -88110,10 +93963,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -88125,12 +93979,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.storagement.de/index.php?action=topicofthemonth&site=log4j + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: StormShield + last_updated: '2021-12-10T00:00:00' + - vendor: Tibco product: '' cves: cve-2021-4104: @@ -88154,12 +94008,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.stormshield.com/news/log4shell-security-alert-stormshield-product-response/ + - https://www.tibco.com/support/notices/2021/12/apache-log4j-vulnerability-update notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: StrangeBee TheHive & Cortex + - vendor: Top Gun Technology (TGT) product: '' cves: cve-2021-4104: @@ -88183,12 +94037,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.strangebee.com/apache-log4j-cve-2021-44228/ + - https://www.topgun-tech.com/technical-bulletin-apache-software-log4j-security-vulnerability-cve-2021-44228/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Stratodesk + - vendor: TopDesk product: '' cves: cve-2021-4104: @@ -88212,13 +94066,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://cdn.stratodesk.com/repository/notouch-center/10/4.5.231/0/ReleaseNotes-Stratodesk-NoTouch_Center-4.5.231.html + - https://my.topdesk.com/tas/public/ssp/content/detail/knowledgeitem?unid=74952771dfab4b0794292e63b0409314 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Strimzi - product: '' + - vendor: Topicus Security + product: Topicus KeyHub cves: cve-2021-4104: investigated: false @@ -88226,10 +94080,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -88241,12 +94096,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://strimzi.io/blog/2021/12/14/strimzi-and-log4shell/ + - https://blog.topicus-keyhub.com/topicus-keyhub-is-not-vulnerable-to-cve-2021-44228/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Stripe + last_updated: '2021-12-20T00:00:00' + - vendor: Topix product: '' cves: cve-2021-4104: @@ -88270,12 +94125,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.stripe.com/questions/update-for-apache-log4j-vulnerability-(cve-2021-44228) + - https://www.topix.de/de/technik/systemfreigaben.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Styra + - vendor: Tosibox product: '' cves: cve-2021-4104: @@ -88299,13 +94154,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.styra.com/blog/newest-log4j-security-vulnerability-cve-2021-44228-log4shell + - https://helpdesk.tosibox.com/support/solutions/articles/2100050946-security-advisory-on-vulnerability-in-apache-log4j-library-cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Sumologic - product: '' + - vendor: TPLink + product: Omega Controller cves: cve-2021-4104: investigated: false @@ -88313,8 +94168,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Linux/Windows(all) fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -88328,13 +94184,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.google.com/document/d/e/2PACX-1vSdeODZ2E5k0aZgHm06OJWhDQWgtxxB0ZIrTsuQjg5xaoxlogmTVGdOWoSFtDlZBdHzY6ET6k6Sk-g1/pub - notes: '' + - https://www.tp-link.com/us/support/faq/3255 + notes: 'Update is Beta. Reddit: overwritten vulnerable log4j with 2.15 files as + potential workaround. Though that should now be done with 2.16' references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SumoLogic - product: '' + - '[Tp Community Link](https://community.tp-link.com/en/business/forum/topic/514452),[Reddit + Link](https://www.reddit.com/r/TPLink_Omada/comments/rdzvlp/updating_the_sdn_to_protect_against_the_log4j)' + last_updated: '2021-12-15T00:00:00' + - vendor: TrendMicro + product: All cves: cve-2021-4104: investigated: false @@ -88357,12 +94215,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.sumologic.com/Release-Notes/Collector-Release-Notes#december-11-2021-19-361-12 + - https://success.trendmicro.com/solution/000289940 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Superna EYEGLASS + - vendor: Tricentis Tosca product: '' cves: cve-2021-4104: @@ -88386,42 +94244,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://manuals.supernaeyeglass.com/project-technical-advisories-all-products/HTML/technical-advisories.html#h2__1912345025 + - https://support-hub.tricentis.com/open?number=NEW0001148&id=post notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Suprema Inc + - vendor: Tridium product: '' cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.supremainc.com/en/ - notes: '' + - https://docs.niagara-community.com/bundle/TechBulletin2021/resource/Dec_13_2021_NiagaraNotExposed_Apache_log4j.pdf + notes: Document access requires authentication. CISA is not able to validate vulnerability + status. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SUSE - product: '' + last_updated: '2022-01-19T00:00:00' + - vendor: Trimble + product: eCognition cves: cve-2021-4104: investigated: false @@ -88429,8 +94288,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 10.2.0 Build 4618 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -88443,14 +94303,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.suse.com/c/suse-statement-on-log4j-log4shell-cve-2021-44228-vulnerability/ - notes: '' + vendor_links: [] + notes: Remediation steps provided by Trimble references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Sweepwidget - product: '' + last_updated: '2021-12-23T00:00:00' + - vendor: Tripp Lite + product: LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, + SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) cves: cve-2021-4104: investigated: false @@ -88473,13 +94333,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sweepwidget.com/view/23032-v9f40ns1/4zow83-23032 + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Swyx - product: '' + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: PowerAlert Local (PAL) cves: cve-2021-4104: investigated: false @@ -88502,13 +94362,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://service.swyx.net/hc/de/articles/4412323539474 - notes: '' + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 + vulnerability. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Synchro MSP - product: '' + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: PowerAlert Network Management System (PANMS) cves: cve-2021-4104: investigated: false @@ -88531,13 +94392,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.syncromsp.com/t/log4j-rce-cve-2021-4428/1350 - notes: '' + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 + vulnerability. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Syncplify - product: '' + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: PowerAlert Network Shutdown Agent (PANSA) cves: cve-2021-4104: investigated: false @@ -88560,13 +94422,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.syncplify.com/no-we-are-not-affected-by-log4j-vulnerability/ - notes: '' + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + notes: Some versions of PANSA use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 + vulnerability. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Synology - product: '' + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: PowerAlertElement Manager (PAEM) cves: cve-2021-4104: investigated: false @@ -88574,8 +94437,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.0.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -88589,13 +94453,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.synology.com/en-global/security/advisory/Synology_SA_21_30 - notes: '' + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + notes: Tripp Lite will soon be issuing a patch in the form of PAEM 1.0.1 which + will contain a patched version of Log4j2 references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Synopsys - product: '' + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: SNMPWEBCARD, SRCOOLNET, SRCOOLNET2 and devices with pre-installed or + embedded SNMPWEBCARD cves: cve-2021-4104: investigated: false @@ -88618,13 +94484,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.synopsys.com/s/article/SIG-Security-Advisory-for-Apache-Log4J2-CVE-2021-44228 + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Syntevo - product: '' + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: TLNETCARD and associated software cves: cve-2021-4104: investigated: false @@ -88647,12 +94513,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.syntevo.com/blog/?p=5240 + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SysAid + last_updated: '2022-01-04T00:00:00' + - vendor: Tripwire product: '' cves: cve-2021-4104: @@ -88676,12 +94542,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sysaid.com/lp/important-update-regarding-apache-log4j + - https://www.tripwire.com/log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Sysdig + - vendor: TrueNAS product: '' cves: cve-2021-4104: @@ -88705,13 +94571,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sysdig.com/blog/cve-critical-vulnerability-log4j/ + - https://www.truenas.com/community/threads/log4j-vulnerability.97359/post-672559 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tableau - product: Tableau Bridge + - vendor: Tufin + product: '' cves: cve-2021-4104: investigated: false @@ -88719,21 +94585,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 'The following versions and lower: 20214.21.1109.1748' - - 20213.21.1112.1434 - - 20212.21.0818.1843 - - 20211.21.0617.1133 - - 20204.21.0217.1203 - - 20203.20.0913.2112 - - 20202.20.0721.1350 - - 20201.20.0614.2321 - - 20194.20.0614.2307 - - 20193.20.0614.2306 - - 20192.19.0917.1648 - - 20191.19.0402.1911 - - 20183.19.0115.1143 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -88747,13 +94600,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + - https://portal.tufin.com/articles/SecurityAdvisories/Apache-Log4Shell-Vulnerability-12-12-2021 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Tableau - product: Tableau Desktop + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: TYPO3 + product: '' cves: cve-2021-4104: investigated: false @@ -88761,21 +94614,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 'The following versions and lower: 2021.4' - - 2021.3.4 - - 2021.2.5 - - 2021.1.8 - - 2020.4.11 - - 2020.3.14 - - 2020.2.19 - - 2020.1.22 - - 2019.4.25 - - 2019.3.26 - - 2019.2.29 - - 2019.1.29 - - 2018.3.29 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -88789,13 +94629,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + - https://typo3.org/article/typo3-psa-2021-004 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Tableau - product: Tableau Prep Builder + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ubiquiti + product: UniFi Network Application cves: cve-2021-4104: investigated: false @@ -88805,19 +94645,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'The following versions and lower: 22021.4.1' - - 2021.3.2 - - 2021.2.2 - - 2021.1.4 - - 2020.4.1 - - 2020.3.3 - - 2020.2.3 - - 2020.1.5 - - 2019.4.2 - - 2019.3.2 - - 2019.2.3 - - 2019.1.4 - - 2018.3.3 + - 6.5.53 & lower versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -88831,13 +94659,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + - https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Tableau - product: Tableau Public Desktop Client + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ubiquiti + product: UniFi Network Controller cves: cve-2021-4104: investigated: false @@ -88847,7 +94675,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'The following versions and lower: 2021.4' + - 6.5.54 & lower versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -88861,13 +94689,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + - https://community.ui.com/releases/UniFi-Network-Application-6-5-55/48c64137-4a4a-41f7-b7e4-3bee505ae16e notes: '' references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Tableau - product: Tableau Reader + - 6.5.54 is reported to still be vulnerable. 6.5.55 is the new recommendation + for mitigatin log4j vulnerabilities by updating to log4j 2.16.0 + last_updated: '2021-12-15T00:00:00' + - vendor: Ubuntu + product: '' cves: cve-2021-4104: investigated: false @@ -88875,9 +94704,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 'The following versions and lower: 2021.4' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -88891,13 +94719,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + - https://ubuntu.com/security/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Tableau - product: Tableau Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: UiPath + product: InSights cves: cve-2021-4104: investigated: false @@ -88907,19 +94735,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'The following versions and lower: 2021.4' - - 2021.3.4 - - 2021.2.5 - - 2021.1.8 - - 2020.4.11 - - 2020.3.14 - - 2020.2.19 - - 2020.1.22 - - 2019.4.25 - - 2019.3.26 - - 2019.2.29 - - 2019.1.29 - - 2018.3.29 + - '20.10' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -88933,12 +94749,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + - https://www.uipath.com/legal/trust-and-security/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Talend + last_updated: '2021-12-15T00:00:00' + - vendor: Umbraco product: '' cves: cve-2021-4104: @@ -88962,13 +94778,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://jira.talendforge.org/browse/TCOMP-2054 + - https://umbraco.com/blog/security-advisory-december-15-2021-umbraco-cms-and-cloud-not-affected-by-cve-2021-44228-log4j-rce-0-day-mitigation/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tanium - product: All + - vendor: UniFlow + product: '' cves: cve-2021-4104: investigated: false @@ -88976,11 +94792,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -88992,12 +94807,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tanium.my.salesforce.com/sfc/p/#60000000IYkG/a/7V000000PeT8/8C98AHl7wP5_lpUwp3qmY5sSdwXx6wG6LE4gPYlxO8c - notes: Tanium does not use Log4j. + - https://www.uniflow.global/en/security/security-and-maintenance/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: TealiumIQ + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Unify ATOS product: '' cves: cve-2021-4104: @@ -89021,12 +94836,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.tealiumiq.com/t5/Announcements-Blog/Update-on-Log4j-Security-Vulnerability/ba-p/36824 + - https://networks.unify.com/security/advisories/OBSO-2112-01.pdf notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: TeamPasswordManager + - vendor: Unimus product: '' cves: cve-2021-4104: @@ -89050,12 +94865,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://teampasswordmanager.com/blog/log4j-vulnerability/ + - https://forum.unimus.net/viewtopic.php?f=7&t=1390#top notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Teamviewer + - vendor: USSIGNAL MSP product: '' cves: cve-2021-4104: @@ -89079,13 +94894,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.teamviewer.com/en/trust-center/security-bulletins/hotfix-log4j2-issue/ + - https://ussignal.com/blog/apache-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tech Software - product: OneAegis (f/k/a IRBManager) + - vendor: Varian + product: Acuity cves: cve-2021-4104: investigated: false @@ -89093,41 +94908,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All versions - cve-2021-45046: investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.techsoftware.com/hc/en-us/articles/4412825948179 - notes: OneAegis does not use Log4j. - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Tech Software - product: SMART - cves: - cve-2021-4104: - investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -89139,13 +94924,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.techsoftware.com/hc/en-us/articles/4412825948179 - notes: SMART does not use Log4j. + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Tech Software - product: Study Binders + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: ARIA Connect (Cloverleaf) cves: cve-2021-4104: investigated: false @@ -89157,7 +94942,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -89169,13 +94954,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.techsoftware.com/hc/en-us/articles/4412825948179 - notes: Study Binders does not use Log4j. + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: TechSmith - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: ARIA eDOC cves: cve-2021-4104: investigated: false @@ -89183,10 +94968,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -89198,13 +94984,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.techsmith.com/hc/en-us/articles/4416620527885?input_string=log4j + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Telestream - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: ARIA oncology information system for Medical Oncology cves: cve-2021-4104: investigated: false @@ -89212,10 +94998,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -89227,13 +95014,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://www.telestream.net/telestream-support/Apache-Log4j2-Bulletin.htm + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tenable - product: Tenable.io / Nessus + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: ARIA oncology information system for Radiation Oncology cves: cve-2021-4104: investigated: false @@ -89241,10 +95028,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -89256,14 +95044,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.tenable.com/log4j - notes: None of Tenable’s products are running the version of Log4j vulnerable - to CVE-2021-44228 or CVE-2021-45046 at this time + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Thales - product: CADP/SafeNet Protect App (PA) - JCE + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: ARIA Radiation Therapy Management System (RTM) cves: cve-2021-4104: investigated: false @@ -89271,10 +95058,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -89286,13 +95074,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Application Data Protection (CADP) – CAPI.net & Net Core + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Bravos Console cves: cve-2021-4104: investigated: false @@ -89300,10 +95088,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -89315,13 +95104,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Batch Data Transformation (BDT) 2.3 + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Clinac cves: cve-2021-4104: investigated: false @@ -89330,7 +95119,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -89344,13 +95134,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Cloud Key Manager (CCKM) Appliance + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Cloud Planner cves: cve-2021-4104: investigated: false @@ -89358,10 +95148,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -89373,13 +95164,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Cloud Key Manager (CCKM) Embedded + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: DITC cves: cve-2021-4104: investigated: false @@ -89388,7 +95179,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -89402,13 +95194,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Database Protection + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: DoseLab cves: cve-2021-4104: investigated: false @@ -89416,10 +95208,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -89431,13 +95224,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Manager + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Eclipse treatment planning software cves: cve-2021-4104: investigated: false @@ -89445,10 +95238,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -89460,13 +95254,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Transparent Encryption (CTE/VTE/CTE-U) + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: ePeerReview cves: cve-2021-4104: investigated: false @@ -89475,7 +95269,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -89489,13 +95284,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Vaulted Tokenization (CT-V) / SafeNet Tokenization Manager + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Ethos cves: cve-2021-4104: investigated: false @@ -89503,10 +95298,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -89518,13 +95314,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Vaultless Tokenization (CTS, CT-VL) + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: FullScale oncology IT solutions cves: cve-2021-4104: investigated: false @@ -89533,7 +95329,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -89547,13 +95344,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust/SafeNet PDBCTL + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Halcyon system cves: cve-2021-4104: investigated: false @@ -89562,7 +95359,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -89576,13 +95374,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Crypto Command Center (CCC) + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: ICAP cves: cve-2021-4104: investigated: false @@ -89590,10 +95388,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -89605,13 +95404,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Data Protection on Demand + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Identify cves: cve-2021-4104: investigated: false @@ -89619,10 +95418,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -89634,13 +95434,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Data Security Manager (DSM) + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Information Exchange Manager (IEM) cves: cve-2021-4104: investigated: false @@ -89648,10 +95448,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -89663,13 +95464,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: KeySecure + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: InSightive Analytics cves: cve-2021-4104: investigated: false @@ -89678,7 +95479,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -89692,13 +95494,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Luna EFT + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Large Integrated Oncology Network (LION) cves: cve-2021-4104: investigated: false @@ -89706,10 +95508,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -89721,13 +95524,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Luna Network, PCIe, Luna USB HSM and backup devices + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Mobius3D platform cves: cve-2021-4104: investigated: false @@ -89735,10 +95538,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -89750,13 +95554,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Luna SP + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: PaaS cves: cve-2021-4104: investigated: false @@ -89764,10 +95568,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -89779,13 +95584,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: payShield Monitor + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: ProBeam cves: cve-2021-4104: investigated: false @@ -89793,10 +95598,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -89808,13 +95614,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: ProtectServer HSMs + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Qumulate cves: cve-2021-4104: investigated: false @@ -89822,10 +95628,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -89837,13 +95644,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet Authentication Client + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Real-time Position Management (RPM) cves: cve-2021-4104: investigated: false @@ -89851,10 +95658,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -89866,13 +95674,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet eToken (all products) + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Respiratory Gating for Scanners (RGSC) cves: cve-2021-4104: investigated: false @@ -89880,10 +95688,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -89895,13 +95704,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet IDPrime Virtual + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: SmartConnect solution cves: cve-2021-4104: investigated: false @@ -89909,8 +95718,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -89924,13 +95734,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: 'See Knowledge Article: 000038850 on MyVarian' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet IDPrime(all products) + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: SmartConnect solution Policy Server cves: cve-2021-4104: investigated: false @@ -89938,8 +95748,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -89953,13 +95764,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: 'See Knowledge Articles: 000038831 and 000038832 on MyVarian' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet LUKS + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: TrueBeam radiotherapy system cves: cve-2021-4104: investigated: false @@ -89967,10 +95778,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -89982,13 +95794,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet PKCS#11 and TDE + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: UNIQUE system cves: cve-2021-4104: investigated: false @@ -89997,7 +95809,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -90011,13 +95824,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet ProtectApp (PA) CAPI, .Net & Net Core + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Varian Authentication and Identity Server (VAIS) cves: cve-2021-4104: investigated: false @@ -90025,10 +95838,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -90040,13 +95854,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet ProtectDB (PDB) + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Varian Managed Services Cloud cves: cve-2021-4104: investigated: false @@ -90055,7 +95869,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -90069,13 +95884,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Safenet ProtectFile and ProtectFile- Fuse + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Varian Mobile App cves: cve-2021-4104: investigated: false @@ -90083,10 +95898,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '2.0' + - '2.5' cve-2021-45046: investigated: false affected_versions: [] @@ -90098,13 +95915,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet ProtectV + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: VariSeed cves: cve-2021-4104: investigated: false @@ -90112,10 +95929,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -90127,13 +95945,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet SQL EKM + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Velocity cves: cve-2021-4104: investigated: false @@ -90141,10 +95959,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -90156,13 +95975,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet Transform Utility (TU) + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: VitalBeam radiotherapy system cves: cve-2021-4104: investigated: false @@ -90170,10 +95989,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -90185,13 +96005,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet Trusted Access (STA) + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Vitesse cves: cve-2021-4104: investigated: false @@ -90199,10 +96019,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -90214,13 +96035,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet Vaultless Tokenization + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: XMediusFax for ARIA oncology information system for Medical Oncology cves: cve-2021-4104: investigated: false @@ -90229,7 +96050,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -90243,13 +96065,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SAS on Prem (SPE/PCE) + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: XMediusFax for ARIA oncology information system for Radiation Oncology cves: cve-2021-4104: investigated: false @@ -90258,7 +96080,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -90272,13 +96095,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel Connect + last_updated: '2021-12-22T00:00:00' + - vendor: VArmour + product: '' cves: cve-2021-4104: investigated: false @@ -90301,13 +96124,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel EMS Enterprise aaS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Varnish Software + product: '' cves: cve-2021-4104: investigated: false @@ -90330,13 +96153,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://docs.varnish-software.com/security/CVE-2021-44228-45046/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel EMS Enterprise OnPremise + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Varonis + product: '' cves: cve-2021-4104: investigated: false @@ -90359,13 +96182,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://help.varonis.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel Envelope + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Veeam + product: '' cves: cve-2021-4104: investigated: false @@ -90388,13 +96211,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.veeam.com/kb4254 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel ESDaaS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Venafi + product: '' cves: cve-2021-4104: investigated: false @@ -90417,13 +96240,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://support.venafi.com/hc/en-us/articles/4416213022733-Log4j-Zero-Day-Vulnerability-notice notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel HASP, Legacy dog, Maze, Hardlock + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Veritas NetBackup + product: '' cves: cve-2021-4104: investigated: false @@ -90446,13 +96269,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.veritas.com/content/support/en_US/article.100052070 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel LDK EMS (LDK-EMS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Vertica + product: '' cves: cve-2021-4104: investigated: false @@ -90475,43 +96298,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://forum.vertica.com/discussion/242512/vertica-security-bulletin-a-potential-vulnerability-has-been-identified-apache-log4j-library-used notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel LDKaas (LDK-EMS) + last_updated: '2022-01-12T07:18:56+00:00' + - vendor: Video Insight Inc. + product: Video Insight cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://i-pro.com/eu/en/surveillance/news/i-pro-products-and-log4j-2x-vulnerability + notes: Video Insight is a part of Panasonic I-Pro. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel Professional Services components (both Thales hosted & hosted - on-premises by customers) + last_updated: '2022-01-19T00:00:00' + - vendor: Viso Trust + product: '' cves: cve-2021-4104: investigated: false @@ -90534,13 +96357,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://blog.visotrust.com/viso-trust-statement-re-cve-2021-44228-log4j-a4b9b5767492 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel RMS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: VMware + product: API Portal for VMware Tanzu cves: cve-2021-4104: investigated: false @@ -90548,8 +96371,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -90563,13 +96387,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel SCL + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: App Metrics cves: cve-2021-4104: investigated: false @@ -90577,8 +96401,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -90592,13 +96417,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel Superdog, SuperPro, UltraPro, SHK + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: Healthwatch for Tanzu Application Service cves: cve-2021-4104: investigated: false @@ -90606,8 +96431,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.x + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -90621,13 +96448,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel Up + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: Single Sign-On for VMware Tanzu Application Service cves: cve-2021-4104: investigated: false @@ -90635,8 +96462,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -90650,13 +96478,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Thales Data Platform (TDP)(DDC) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: Spring Cloud Gateway for Kubernetes cves: cve-2021-4104: investigated: false @@ -90664,8 +96492,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -90679,13 +96508,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Thales payShield 10k + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: Spring Cloud Gateway for VMware Tanzu cves: cve-2021-4104: investigated: false @@ -90693,8 +96522,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -90708,13 +96538,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Thales payShield 9000 + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: Spring Cloud Services for VMware Tanzu cves: cve-2021-4104: investigated: false @@ -90722,8 +96552,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -90737,13 +96568,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Thales payShield Manager + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: vCenter Server - OVA cves: cve-2021-4104: investigated: false @@ -90751,8 +96582,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 7.x + - 6.7.x + - 6.5.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -90766,13 +96600,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '[Workaround @ KB87081 (vmware.com)](https://kb.vmware.com/s/article/87081 + )' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Vormetirc Key Manager (VKM) + - vendor: VMware + product: vCenter Server - Windows cves: cve-2021-4104: investigated: false @@ -90780,8 +96615,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 6.7.x + - 6.5.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -90795,13 +96632,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '[Workaround @ KB87096 (vmware.com)](https://kb.vmware.com/s/article/87096 + )' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Vormetric Application Encryption (VAE) + - vendor: VMware + product: VMware Carbon Black Cloud Workload Appliance cves: cve-2021-4104: investigated: false @@ -90809,8 +96647,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -90824,13 +96663,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Vormetric Protection for Terradata Database (VPTD) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Carbon Black EDR Server cves: cve-2021-4104: investigated: false @@ -90838,8 +96677,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 7.x + - 6.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -90853,13 +96694,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Vormetric Tokenization Server (VTS) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Cloud Foundation cves: cve-2021-4104: investigated: false @@ -90867,8 +96708,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.x + - 3.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -90882,13 +96725,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thermo Fisher Scientific - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware HCX cves: cve-2021-4104: investigated: false @@ -90896,8 +96739,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.x + - 3.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -90911,13 +96756,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://corporate.thermofisher.com/us/en/index/about/information-security/Protecting-Our-Products.html + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Thermo-Calc - product: Thermo-Calc + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Horizon cves: cve-2021-4104: investigated: false @@ -90926,10 +96771,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 8.x + - 7.x fixed_versions: [] - unaffected_versions: - - 2022a + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -90941,13 +96787,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal, Install the 2022a patch when available + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '' references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Thermo-Calc - product: Thermo-Calc + - '[VMware KB 87073 (vmware.com)](https://kb.vmware.com/s/article/87073)' + last_updated: '2021-12-17T00:00:00' + - vendor: VMware + product: VMware Horizon Cloud Connector cves: cve-2021-4104: investigated: false @@ -90956,10 +96802,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 1.x + - 2.x fixed_versions: [] - unaffected_versions: - - 2021b + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -90971,13 +96818,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Thermo-Calc - product: Thermo-Calc + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Horizon DaaS cves: cve-2021-4104: investigated: false @@ -90986,10 +96833,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 9.1.x + - 9.0.x fixed_versions: [] - unaffected_versions: - - 2018b to 2021a + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -91001,14 +96849,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal, delete the Log4j 2 files in the program installation - if required, see advisory for instructions. + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Thermo-Calc - product: Thermo-Calc + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Identity Manager cves: cve-2021-4104: investigated: false @@ -91017,10 +96864,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 3.3.x fixed_versions: [] - unaffected_versions: - - 2018a and earlier + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -91032,13 +96879,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Thomson Reuters - product: HighQ Appliance + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware NSX-T Data Centern cves: cve-2021-4104: investigated: false @@ -91048,7 +96895,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - <3.5 + - 3.x + - 2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -91062,15 +96910,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://highqsolutions.zendesk.com - notes: Reported by vendor - Documentation is in vendor's client portal (login - required). This advisory is available to customer only and has not been reviewed - by CISA. + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: ThreatLocker - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Site Recovery Manager cves: cve-2021-4104: investigated: false @@ -91078,8 +96924,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -91093,13 +96940,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://threatlocker.kb.help/log4j-vulnerability/ + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ThycoticCentrify - product: Account Lifecycle Manager + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu Application Service for VMs cves: cve-2021-4104: investigated: false @@ -91108,10 +96955,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -91123,13 +96970,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Cloud Suite + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu GemFire cves: cve-2021-4104: investigated: false @@ -91138,10 +96985,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 9.x + - 8.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -91153,13 +97001,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Connection Manager + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu Greenplum cves: cve-2021-4104: investigated: false @@ -91168,10 +97016,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 6.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -91183,13 +97031,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: DevOps Secrets Vault + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu Kubernetes Grid Integrated Edition cves: cve-2021-4104: investigated: false @@ -91198,10 +97046,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 1.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -91213,13 +97061,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Password Reset Server + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu Observability by Wavefront Nozzle cves: cve-2021-4104: investigated: false @@ -91228,10 +97076,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 3.x + - 2.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -91243,13 +97092,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Privilege Manager + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu Operations Manager cves: cve-2021-4104: investigated: false @@ -91258,10 +97107,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -91273,13 +97122,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Privileged Behavior Analytics + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu SQL with MySQL for VMs cves: cve-2021-4104: investigated: false @@ -91288,10 +97137,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.x + - 1.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -91303,13 +97153,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Secret Server + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Telco Cloud Automation cves: cve-2021-4104: investigated: false @@ -91318,10 +97168,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.x + - 1.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -91333,13 +97184,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Server Suite + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Unified Access Gateway cves: cve-2021-4104: investigated: false @@ -91348,10 +97199,12 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 21.x + - 20.x + - 3.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -91363,13 +97216,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Tibco - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vCenter Cloud Gateway cves: cve-2021-4104: investigated: false @@ -91377,8 +97230,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -91392,13 +97246,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.tibco.com/support/notices/2021/12/apache-log4j-vulnerability-update + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Top Gun Technology (TGT) - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Automation cves: cve-2021-4104: investigated: false @@ -91406,8 +97260,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.x + - 7.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -91421,13 +97277,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.topgun-tech.com/technical-bulletin-apache-software-log4j-security-vulnerability-cve-2021-44228/ + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: TopDesk - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Lifecycle Manager cves: cve-2021-4104: investigated: false @@ -91435,8 +97291,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -91450,13 +97307,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.topdesk.com/tas/public/ssp/content/detail/knowledgeitem?unid=74952771dfab4b0794292e63b0409314 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Topicus Security - product: Topicus KeyHub + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Log Insight cves: cve-2021-4104: investigated: false @@ -91465,10 +97322,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 8.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -91480,13 +97337,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.topicus-keyhub.com/topicus-keyhub-is-not-vulnerable-to-cve-2021-44228/ + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Topix - product: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Operations cves: cve-2021-4104: investigated: false @@ -91494,8 +97351,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -91509,13 +97367,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.topix.de/de/technik/systemfreigaben.html + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tosibox - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Operations Cloud Proxy cves: cve-2021-4104: investigated: false @@ -91523,8 +97381,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Any fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -91538,13 +97397,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.tosibox.com/support/solutions/articles/2100050946-security-advisory-on-vulnerability-in-apache-log4j-library-cve-2021-44228 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: TPLink - product: Omega Controller + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Orchestrator cves: cve-2021-4104: investigated: false @@ -91554,7 +97413,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - Linux/Windows(all) + - 8.x + - 7.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -91568,15 +97428,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.tp-link.com/us/support/faq/3255 - notes: 'Update is Beta. Reddit: overwritten vulnerable log4j with 2.15 files as - potential workaround. Though that should now be done with 2.16' + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '' references: - - '[Tp Community Link](https://community.tp-link.com/en/business/forum/topic/514452),[Reddit - Link](https://www.reddit.com/r/TPLink_Omada/comments/rdzvlp/updating_the_sdn_to_protect_against_the_log4j)' - last_updated: '2021-12-15T00:00:00' - - vendor: TrendMicro - product: All + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Workspace ONE Access cves: cve-2021-4104: investigated: false @@ -91584,8 +97442,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 21.x + - 20.10.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -91599,13 +97459,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://success.trendmicro.com/solution/000289940 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tricentis Tosca - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Workspace ONE Access Connector (VMware Identity Manager Connector) cves: cve-2021-4104: investigated: false @@ -91613,8 +97473,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 21.x + - 20.10.x + - 19.03.0.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -91628,13 +97491,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support-hub.tricentis.com/open?number=NEW0001148&id=post + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tridium - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: VTScada + product: All cves: cve-2021-4104: investigated: '' @@ -91642,10 +97505,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: '' + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -91657,14 +97521,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.niagara-community.com/bundle/TechBulletin2021/resource/Dec_13_2021_NiagaraNotExposed_Apache_log4j.pdf - notes: Document access requires authentication. CISA is not able to validate vulnerability - status. + - https://www.vtscada.com/vtscada-unaffected-by-log4j/ + notes: Java is not utilized within VTScada software, and thus our users are unaffected. references: - '' - last_updated: '2022-01-19T00:00:00' - - vendor: Trimble - product: eCognition + last_updated: '2022-01-17T00:00:00' + - vendor: Vyaire + product: '' cves: cve-2021-4104: investigated: false @@ -91672,9 +97535,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 10.2.0 Build 4618 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -91687,14 +97549,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: Remediation steps provided by Trimble + vendor_links: + - https://www.vyaire.com/sites/us/files/2021-12/2021-12-15-product-security-bulletin-for-log4shell-vulnerability.pdf + notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: Tripp Lite - product: LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, - SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) + last_updated: '2021-12-22T00:00:00' + - vendor: WAGO + product: WAGO Smart Script cves: cve-2021-4104: investigated: false @@ -91702,9 +97564,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.2.x < 4.8.1.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -91717,13 +97580,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + - https://www.wago.com/de/automatisierungstechnik/psirt#log4j notes: '' references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: PowerAlert Local (PAL) + last_updated: '2021-12-17T00:00:00' + - vendor: Wallarm + product: All cves: cve-2021-4104: investigated: false @@ -91746,14 +97609,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 - vulnerability. + - https://lab.wallarm.com/cve-2021-44228-mitigation-update/ + notes: '' references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: PowerAlert Network Management System (PANMS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wallix + product: Access Manager cves: cve-2021-4104: investigated: false @@ -91761,9 +97623,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -91776,14 +97639,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 - vulnerability. + - https://www.wallix.com/fr/support/alerts/ + notes: Customer Portal for patch found in advisory. This patch is available to + customer only and has not been reviewed by CISA. references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: PowerAlert Network Shutdown Agent (PANSA) + - vendor: Wasp Barcode technologies + product: All cves: cve-2021-4104: investigated: false @@ -91806,14 +97668,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Some versions of PANSA use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 - vulnerability. + - https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no + notes: '' references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: PowerAlertElement Manager (PAEM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Watcher + product: All cves: cve-2021-4104: investigated: false @@ -91822,10 +97683,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.0.0 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -91837,15 +97698,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Tripp Lite will soon be issuing a patch in the form of PAEM 1.0.1 which - will contain a patched version of Log4j2 + - https://twitter.com/felix_hrn/status/1470387338001977344 + notes: '' references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: SNMPWEBCARD, SRCOOLNET, SRCOOLNET2 and devices with pre-installed or - embedded SNMPWEBCARD + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: AuthPoint cves: cve-2021-4104: investigated: false @@ -91853,9 +97712,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -91868,13 +97728,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: TLNETCARD and associated software + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Dimension cves: cve-2021-4104: investigated: false @@ -91882,10 +97742,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -91897,13 +97758,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripwire - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: EDPR and Panda AD360 cves: cve-2021-4104: investigated: false @@ -91911,10 +97772,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -91926,13 +97788,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.tripwire.com/log4j + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: TrueNAS - product: '' + - vendor: WatchGuard + product: Firebox cves: cve-2021-4104: investigated: false @@ -91940,10 +97802,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -91955,13 +97818,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.truenas.com/community/threads/log4j-vulnerability.97359/post-672559 + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tufin - product: '' + - vendor: WatchGuard + product: System Manager, Dimension, and Panda AD360 cves: cve-2021-4104: investigated: false @@ -91969,10 +97832,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -91984,13 +97848,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.tufin.com/articles/SecurityAdvisories/Apache-Log4Shell-Vulnerability-12-12-2021 + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: TYPO3 - product: '' + - vendor: WatchGuard + product: Threat Detection and Response cves: cve-2021-4104: investigated: false @@ -91998,9 +97862,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -92013,13 +97878,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://typo3.org/article/typo3-psa-2021-004 + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ubiquiti - product: UniFi Network Application + - vendor: WatchGuard + product: Wi-Fi Cloud cves: cve-2021-4104: investigated: false @@ -92028,9 +97893,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.5.53 & lower versions - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -92043,13 +97908,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1 + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ubiquiti - product: UniFi Network Controller + - vendor: Western Digital + product: '' cves: cve-2021-4104: investigated: false @@ -92057,9 +97922,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 6.5.54 & lower versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -92073,14 +97937,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.ui.com/releases/UniFi-Network-Application-6-5-55/48c64137-4a4a-41f7-b7e4-3bee505ae16e + - https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis notes: '' references: - - 6.5.54 is reported to still be vulnerable. 6.5.55 is the new recommendation - for mitigatin log4j vulnerabilities by updating to log4j 2.16.0 - last_updated: '2021-12-15T00:00:00' - - vendor: Ubuntu - product: '' + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WIBU Systems + product: CodeMeter Cloud Lite cves: cve-2021-4104: investigated: false @@ -92088,9 +97951,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 2.2 and prior unaffected_versions: [] cve-2021-45046: investigated: false @@ -92103,13 +97967,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ubuntu.com/security/CVE-2021-44228 + - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: UiPath - product: InSights + last_updated: '2021-12-22T00:00:00' + - vendor: WIBU Systems + product: CodeMeter Keyring for TIA Portal cves: cve-2021-4104: investigated: false @@ -92118,9 +97982,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '20.10' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 1.30 and prior unaffected_versions: [] cve-2021-45046: investigated: false @@ -92133,194 +97997,224 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.uipath.com/legal/trust-and-security/cve-2021-44228 - notes: '' + - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf + notes: Only the Password Manager is affected references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Umbraco - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: WildFly + product: All cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - < 22 + - '> 26.0.0.Final' + - '>= 22' + - <= 26.0.0.Beta1 cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://umbraco.com/blog/security-advisory-december-15-2021-umbraco-cms-and-cloud-not-affected-by-cve-2021-44228-log4j-rce-0-day-mitigation/ + - https://www.wildfly.org/news/2021/12/13/Log4j-CVEs/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: UniFlow - product: '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS17 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.uniflow.global/en/security/security-and-maintenance/ + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Unify ATOS - product: '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS18 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://networks.unify.com/security/advisories/OBSO-2112-01.pdf + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Unimus - product: '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS19 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://forum.unimus.net/viewtopic.php?f=7&t=1390#top + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: USSIGNAL MSP - product: '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS21 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://ussignal.com/blog/apache-log4j-vulnerability + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Varian - product: Acuity + - vendor: Wind River + product: WRL-6 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: + unaffected_versions: - All + cve-2021-44228: + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ARIA Connect (Cloverleaf) + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-7 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] @@ -92328,29 +98222,35 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ARIA eDOC + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-8 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] @@ -92358,29 +98258,35 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ARIA oncology information system for Medical Oncology + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-9 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] @@ -92388,23 +98294,25 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ARIA oncology information system for Radiation Oncology + last_updated: '2022-01-21T00:00:00' + - vendor: WireShark + product: All cves: cve-2021-4104: investigated: false @@ -92416,7 +98324,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -92428,13 +98336,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.wireshark.org/news/20211215.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ARIA Radiation Therapy Management System (RTM) + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Wistia + product: All cves: cve-2021-4104: investigated: false @@ -92442,11 +98350,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -92458,13 +98365,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://status.wistia.com/incidents/jtg0dfl5l224 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Bravos Console + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WitFoo + product: Precinct cves: cve-2021-4104: investigated: false @@ -92472,11 +98379,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - 6.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -92488,13 +98395,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/ + notes: WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable. See + advisory. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Clinac + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WordPress + product: All cves: cve-2021-4104: investigated: false @@ -92502,11 +98410,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -92518,13 +98426,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Cloud Planner + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Worksphere + product: All cves: cve-2021-4104: investigated: false @@ -92532,11 +98440,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -92548,13 +98455,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: DITC + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wowza + product: Streaming Engine cves: cve-2021-4104: investigated: false @@ -92562,10 +98469,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All - fixed_versions: [] + investigated: true + affected_versions: [] + fixed_versions: + - 4.7.8 + - 4.8.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -92578,13 +98486,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: DoseLab + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WSO2 + product: API Manager cves: cve-2021-4104: investigated: false @@ -92594,9 +98502,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '>= 3.0.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -92608,13 +98516,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Eclipse treatment planning software + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: API Manager Analytics cves: cve-2021-4104: investigated: false @@ -92624,9 +98532,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '>= 2.6.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -92638,13 +98546,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ePeerReview + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Enterprise Integrator cves: cve-2021-4104: investigated: false @@ -92652,10 +98560,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All - fixed_versions: [] + investigated: true + affected_versions: [] + fixed_versions: + - '>= 6.1.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -92668,13 +98576,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Ethos + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Enterprise Integrator Analytics cves: cve-2021-4104: investigated: false @@ -92684,9 +98592,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '>= 6.6.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -92698,13 +98606,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: FullScale oncology IT solutions + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server cves: cve-2021-4104: investigated: false @@ -92712,10 +98620,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All - fixed_versions: [] + investigated: true + affected_versions: [] + fixed_versions: + - '>= 5.9.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -92728,13 +98636,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Halcyon system + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server Analytics cves: cve-2021-4104: investigated: false @@ -92742,10 +98650,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All - fixed_versions: [] + investigated: true + affected_versions: [] + fixed_versions: + - '>= 5.7.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -92758,13 +98666,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ICAP + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server as Key Manager cves: cve-2021-4104: investigated: false @@ -92774,9 +98682,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '>= 5.9.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -92788,13 +98696,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Identify + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Gateway cves: cve-2021-4104: investigated: false @@ -92804,9 +98712,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '>= 3.2.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -92818,13 +98726,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Information Exchange Manager (IEM) + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator cves: cve-2021-4104: investigated: false @@ -92834,9 +98742,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '>= 1.1.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -92848,13 +98756,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: InSightive Analytics + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator Dashboard cves: cve-2021-4104: investigated: false @@ -92862,10 +98770,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All - fixed_versions: [] + investigated: true + affected_versions: [] + fixed_versions: + - '>= 4.0.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -92878,13 +98786,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Large Integrated Oncology Network (LION) + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator Monitoring Dashboard cves: cve-2021-4104: investigated: false @@ -92894,9 +98802,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -92908,13 +98816,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Mobius3D platform + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking AM cves: cve-2021-4104: investigated: false @@ -92924,9 +98832,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '>= 2.0.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -92938,13 +98846,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: PaaS + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking BI cves: cve-2021-4104: investigated: false @@ -92954,9 +98862,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '>= 1.3.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -92968,13 +98876,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ProBeam + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking KM cves: cve-2021-4104: investigated: false @@ -92984,9 +98892,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '>= 2.0.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -92998,13 +98906,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Qumulate + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Integrator cves: cve-2021-4104: investigated: false @@ -93014,9 +98922,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -93028,13 +98936,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Real-time Position Management (RPM) + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Integrator Tooling cves: cve-2021-4104: investigated: false @@ -93044,9 +98952,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -93058,13 +98966,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Respiratory Gating for Scanners (RGSC) + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Processor cves: cve-2021-4104: investigated: false @@ -93074,9 +98982,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '>= 4.0.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -93088,13 +98996,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: SmartConnect solution + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: XCP-ng + product: All cves: cve-2021-4104: investigated: false @@ -93103,10 +99011,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93118,13 +99026,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: 'See Knowledge Article: 000038850 on MyVarian' + - https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: SmartConnect solution Policy Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: XenForo + product: '' cves: cve-2021-4104: investigated: false @@ -93132,9 +99040,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -93148,13 +99055,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: 'See Knowledge Articles: 000038831 and 000038832 on MyVarian' + - https://xenforo.com/community/threads/psa-potential-security-vulnerability-in-elasticsearch-5-via-apache-log4j-log4shell.201145/ + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: TrueBeam radiotherapy system + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: AltaLink Products cves: cve-2021-4104: investigated: false @@ -93166,7 +99073,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93178,13 +99085,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: UNIQUE system + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: CareAR cves: cve-2021-4104: investigated: false @@ -93192,11 +99099,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93208,13 +99115,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Varian Authentication and Identity Server (VAIS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 8700 cves: cve-2021-4104: investigated: false @@ -93226,7 +99133,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93238,13 +99145,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Varian Managed Services Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 8870 cves: cve-2021-4104: investigated: false @@ -93252,11 +99159,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93268,13 +99175,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Varian Mobile App + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 8880 cves: cve-2021-4104: investigated: false @@ -93286,8 +99193,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '2.0' - - '2.5' + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93299,13 +99205,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: VariSeed + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 9201 cves: cve-2021-4104: investigated: false @@ -93317,7 +99223,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93329,13 +99235,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Velocity + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 9301 cves: cve-2021-4104: investigated: false @@ -93347,7 +99253,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93359,13 +99265,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: VitalBeam radiotherapy system + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: DocuCentre SC2020 cves: cve-2021-4104: investigated: false @@ -93377,7 +99283,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93389,13 +99295,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Vitesse + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ElemX cves: cve-2021-4104: investigated: false @@ -93407,7 +99313,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93419,13 +99325,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: XMediusFax for ARIA oncology information system for Medical Oncology + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Core cves: cve-2021-4104: investigated: false @@ -93433,11 +99339,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93449,13 +99355,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: XMediusFax for ARIA oncology information system for Radiation Oncology + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Express to Print cves: cve-2021-4104: investigated: false @@ -93463,11 +99369,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93479,13 +99385,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: VArmour - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Makeready cves: cve-2021-4104: investigated: false @@ -93493,10 +99399,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93508,13 +99415,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Varnish Software - product: '' + - vendor: Xerox + product: FreeFlow Output Manager cves: cve-2021-4104: investigated: false @@ -93522,10 +99429,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93537,13 +99445,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.varnish-software.com/security/CVE-2021-44228-45046/ + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Varonis - product: '' + - vendor: Xerox + product: FreeFlow Print Manager - APP cves: cve-2021-4104: investigated: false @@ -93551,10 +99459,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93566,13 +99475,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.varonis.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-CVE-2021-44228 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Veeam - product: '' + - vendor: Xerox + product: FreeFlow Variable Information Suite cves: cve-2021-4104: investigated: false @@ -93580,10 +99489,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93595,13 +99505,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.veeam.com/kb4254 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Venafi - product: '' + - vendor: Xerox + product: Nuvera EA Perfecting Production Systems cves: cve-2021-4104: investigated: false @@ -93609,10 +99519,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93624,13 +99535,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.venafi.com/hc/en-us/articles/4416213022733-Log4j-Zero-Day-Vulnerability-notice + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Veritas NetBackup - product: '' + - vendor: Xerox + product: Nuvera EA Production Systems cves: cve-2021-4104: investigated: false @@ -93638,10 +99549,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93653,13 +99565,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.veritas.com/content/support/en_US/article.100052070 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Vertica - product: '' + - vendor: Xerox + product: Phaser 3300 cves: cve-2021-4104: investigated: false @@ -93667,10 +99579,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93682,16 +99595,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.vertica.com/discussion/242512/vertica-security-bulletin-a-potential-vulnerability-has-been-identified-apache-log4j-library-used + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Video Insight Inc. - product: Video Insight + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3320 cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -93700,25 +99613,25 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://i-pro.com/eu/en/surveillance/news/i-pro-products-and-log4j-2x-vulnerability - notes: Video Insight is a part of Panasonic I-Pro. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-19T00:00:00' - - vendor: Viso Trust - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3330 cves: cve-2021-4104: investigated: false @@ -93726,10 +99639,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93741,13 +99655,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.visotrust.com/viso-trust-statement-re-cve-2021-44228-log4j-a4b9b5767492 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: VMware - product: API Portal for VMware Tanzu + - vendor: Xerox + product: Phaser 3435 cves: cve-2021-4104: investigated: false @@ -93756,10 +99670,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93771,13 +99685,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: App Metrics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3600 cves: cve-2021-4104: investigated: false @@ -93786,10 +99700,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93801,13 +99715,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: Healthwatch for Tanzu Application Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3610 cves: cve-2021-4104: investigated: false @@ -93816,11 +99730,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.x - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93832,13 +99745,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: Single Sign-On for VMware Tanzu Application Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3635 cves: cve-2021-4104: investigated: false @@ -93847,10 +99760,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93862,13 +99775,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: Spring Cloud Gateway for Kubernetes + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 4510 cves: cve-2021-4104: investigated: false @@ -93877,10 +99790,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93892,13 +99805,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: Spring Cloud Gateway for VMware Tanzu + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 4622 cves: cve-2021-4104: investigated: false @@ -93907,10 +99820,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93922,13 +99835,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: Spring Cloud Services for VMware Tanzu + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6000 cves: cve-2021-4104: investigated: false @@ -93937,10 +99850,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93952,13 +99865,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: vCenter Server - OVA + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6020 cves: cve-2021-4104: investigated: false @@ -93967,12 +99880,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 7.x - - 6.7.x - - 6.5.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -93984,14 +99895,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '[Workaround @ KB87081 (vmware.com)](https://kb.vmware.com/s/article/87081 - )' + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: VMware - product: vCenter Server - Windows + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6022 cves: cve-2021-4104: investigated: false @@ -94000,11 +99910,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.7.x - - 6.5.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94016,14 +99925,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '[Workaround @ KB87096 (vmware.com)](https://kb.vmware.com/s/article/87096 - )' + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: VMware - product: VMware Carbon Black Cloud Workload Appliance + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6280 cves: cve-2021-4104: investigated: false @@ -94032,10 +99940,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94047,13 +99955,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Carbon Black EDR Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6510 cves: cve-2021-4104: investigated: false @@ -94062,11 +99970,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 7.x - - 6.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94078,13 +99985,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Cloud Foundation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6600 cves: cve-2021-4104: investigated: false @@ -94093,11 +100000,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.x - - 3.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94109,13 +100015,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware HCX + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6700 cves: cve-2021-4104: investigated: false @@ -94124,11 +100030,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.x - - 3.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94140,13 +100045,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Horizon + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 7800 cves: cve-2021-4104: investigated: false @@ -94155,11 +100060,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x - - 7.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94171,13 +100075,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - - '[VMware KB 87073 (vmware.com)](https://kb.vmware.com/s/article/87073)' - last_updated: '2021-12-17T00:00:00' - - vendor: VMware - product: VMware Horizon Cloud Connector + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 8860 cves: cve-2021-4104: investigated: false @@ -94186,11 +100090,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x - - 2.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94202,13 +100105,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Horizon DaaS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: PrimeLink Products cves: cve-2021-4104: investigated: false @@ -94217,11 +100120,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 9.1.x - - 9.0.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94233,13 +100135,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Identity Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Versalink Products cves: cve-2021-4104: investigated: false @@ -94248,10 +100150,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.3.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94263,13 +100165,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware NSX-T Data Centern + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 33xx cves: cve-2021-4104: investigated: false @@ -94278,11 +100180,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.x - - 2.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94294,13 +100195,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Site Recovery Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 3615 cves: cve-2021-4104: investigated: false @@ -94309,10 +100210,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94324,13 +100225,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu Application Service for VMs + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 4260 cves: cve-2021-4104: investigated: false @@ -94339,10 +100240,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94354,13 +100255,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu GemFire + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 4265 cves: cve-2021-4104: investigated: false @@ -94369,11 +100270,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 9.x - - 8.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94385,13 +100285,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu Greenplum + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5135 cves: cve-2021-4104: investigated: false @@ -94400,10 +100300,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94415,13 +100315,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu Kubernetes Grid Integrated Edition + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5150 cves: cve-2021-4104: investigated: false @@ -94430,10 +100330,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94445,13 +100345,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu Observability by Wavefront Nozzle + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5225 cves: cve-2021-4104: investigated: false @@ -94460,11 +100360,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.x - - 2.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94476,13 +100375,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu Operations Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5230 cves: cve-2021-4104: investigated: false @@ -94491,10 +100390,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94506,13 +100405,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu SQL with MySQL for VMs + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 53XX cves: cve-2021-4104: investigated: false @@ -94521,11 +100420,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.x - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94537,13 +100435,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Telco Cloud Automation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5645 cves: cve-2021-4104: investigated: false @@ -94552,11 +100450,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.x - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94568,13 +100465,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Unified Access Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5655 cves: cve-2021-4104: investigated: false @@ -94583,12 +100480,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 21.x - - 20.x - - 3.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94600,13 +100495,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vCenter Cloud Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5740 cves: cve-2021-4104: investigated: false @@ -94615,10 +100510,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94630,13 +100525,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' - references: - - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Automation + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5745 cves: cve-2021-4104: investigated: false @@ -94645,11 +100540,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x - - 7.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94661,13 +100555,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Lifecycle Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5755 cves: cve-2021-4104: investigated: false @@ -94676,10 +100570,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94691,13 +100585,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Log Insight + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5765 cves: cve-2021-4104: investigated: false @@ -94706,10 +100600,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94721,13 +100615,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Operations + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 58XX cves: cve-2021-4104: investigated: false @@ -94736,10 +100630,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94751,13 +100645,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Operations Cloud Proxy + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5945 cves: cve-2021-4104: investigated: false @@ -94766,10 +100660,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Any + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94781,13 +100675,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Orchestrator + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5955 cves: cve-2021-4104: investigated: false @@ -94796,11 +100690,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x - - 7.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94812,13 +100705,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Workspace ONE Access + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6025 cves: cve-2021-4104: investigated: false @@ -94827,11 +100720,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 21.x - - 20.10.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94843,13 +100735,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Workspace ONE Access Connector (VMware Identity Manager Connector) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6400 cves: cve-2021-4104: investigated: false @@ -94858,12 +100750,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 21.x - - 20.10.x - - 19.03.0.1 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94875,16 +100765,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VTScada - product: All + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6515 cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -94893,25 +100783,25 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vtscada.com/vtscada-unaffected-by-log4j/ - notes: Java is not utilized within VTScada software, and thus our users are unaffected. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Vyaire - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6605 cves: cve-2021-4104: investigated: false @@ -94919,10 +100809,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94934,13 +100825,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vyaire.com/sites/us/files/2021-12/2021-12-15-product-security-bulletin-for-log4shell-vulnerability.pdf + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: WAGO - product: WAGO Smart Script + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6655 cves: cve-2021-4104: investigated: false @@ -94950,9 +100841,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 4.2.x < 4.8.1.3 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94964,13 +100855,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.wago.com/de/automatisierungstechnik/psirt#log4j + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Wallarm - product: All + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7425 cves: cve-2021-4104: investigated: false @@ -94978,10 +100869,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94993,13 +100885,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://lab.wallarm.com/cve-2021-44228-mitigation-update/ + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Wallix - product: Access Manager + - vendor: Xerox + product: WorkCentre 7435 cves: cve-2021-4104: investigated: false @@ -95009,9 +100901,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - '' - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -95023,13 +100915,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.wallix.com/fr/support/alerts/ - notes: Customer Portal for patch found in advisory. This patch is available to - customer only and has not been reviewed by CISA. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - - vendor: Wasp Barcode technologies - product: All + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7525 cves: cve-2021-4104: investigated: false @@ -95037,10 +100929,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -95052,13 +100945,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Watcher - product: All + - vendor: Xerox + product: WorkCentre 7535 cves: cve-2021-4104: investigated: false @@ -95082,13 +100975,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://twitter.com/felix_hrn/status/1470387338001977344 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: WatchGuard - product: AuthPoint + - vendor: Xerox + product: WorkCentre 7556 cves: cve-2021-4104: investigated: false @@ -95098,9 +100991,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Cloud - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -95112,13 +101005,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: WatchGuard - product: Dimension + - vendor: Xerox + product: WorkCentre 7830 cves: cve-2021-4104: investigated: false @@ -95142,13 +101035,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: WatchGuard - product: EDPR and Panda AD360 + - vendor: Xerox + product: WorkCentre 7835 cves: cve-2021-4104: investigated: false @@ -95172,13 +101065,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: WatchGuard - product: Firebox + - vendor: Xerox + product: WorkCentre 7855 cves: cve-2021-4104: investigated: false @@ -95202,13 +101095,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: WatchGuard - product: System Manager, Dimension, and Panda AD360 + - vendor: Xerox + product: WorkCentre 7970i cves: cve-2021-4104: investigated: false @@ -95232,13 +101125,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: WatchGuard - product: Threat Detection and Response + - vendor: Xerox + product: WorkCentre ECXX cves: cve-2021-4104: investigated: false @@ -95248,9 +101141,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Cloud - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -95262,13 +101155,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: WatchGuard - product: Wi-Fi Cloud + - vendor: Xerox + product: Xerox Account Payable Services cves: cve-2021-4104: investigated: false @@ -95278,9 +101171,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Cloud - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -95292,13 +101185,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Western Digital - product: '' + - vendor: Xerox + product: Xerox App Gallery cves: cve-2021-4104: investigated: false @@ -95306,10 +101199,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -95321,13 +101215,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: WIBU Systems - product: CodeMeter Cloud Lite + - vendor: Xerox + product: Xerox B1022/25 cves: cve-2021-4104: investigated: false @@ -95337,9 +101231,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 2.2 and prior - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -95351,13 +101245,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: WIBU Systems - product: CodeMeter Keyring for TIA Portal + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B225 cves: cve-2021-4104: investigated: false @@ -95367,9 +101261,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 1.30 and prior - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -95381,322 +101275,283 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf - notes: Only the Password Manager is affected + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: WildFly - product: All + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B230 cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - < 22 - - '> 26.0.0.Final' - - '>= 22' - - <= 26.0.0.Beta1 + - '' cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://www.wildfly.org/news/2021/12/13/Log4j-CVEs/ + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-21T00:00:00' - - vendor: Wind River - product: LTS17 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B235 cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-21T00:00:00' - - vendor: Wind River - product: LTS18 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B310 cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-21T00:00:00' - - vendor: Wind River - product: LTS19 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Baltoro HF Inkjet Press cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-21T00:00:00' - - vendor: Wind River - product: LTS21 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Branded ConnectKey Applications cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Wind River - product: WRL-6 + - vendor: Xerox + product: Xerox C230 cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 - notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 - and JMSAppender components, however, JMSAppender is deactivated in the release - package and not affected by CVE-2021-4104 customers are advised to NOT manually - activate the JMSAppender component. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-21T00:00:00' - - vendor: Wind River - product: WRL-7 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox C235 cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 - notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 - and JMSAppender components, however, JMSAppender is deactivated in the release - package and not affected by CVE-2021-4104 customers are advised to NOT manually - activate the JMSAppender component. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-21T00:00:00' - - vendor: Wind River - product: WRL-8 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox C310 cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 - notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 - and JMSAppender components, however, JMSAppender is deactivated in the release - package and not affected by CVE-2021-4104 customers are advised to NOT manually - activate the JMSAppender component. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-21T00:00:00' - - vendor: Wind River - product: WRL-9 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Campaigns on Demand cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-21T00:00:00' - - vendor: WireShark - product: All + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Color EC70 Printer cves: cve-2021-4104: investigated: false @@ -95720,13 +101575,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.wireshark.org/news/20211215.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Wistia - product: All + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox D110 cves: cve-2021-4104: investigated: false @@ -95734,10 +101589,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -95749,13 +101605,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.wistia.com/incidents/jtg0dfl5l224 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: WitFoo - product: Precinct + - vendor: Xerox + product: Xerox D125 cves: cve-2021-4104: investigated: false @@ -95763,11 +101619,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: - - 6.x - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -95779,14 +101635,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/ - notes: WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable. See - advisory. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: WordPress - product: All + - vendor: Xerox + product: Xerox D95A cves: cve-2021-4104: investigated: false @@ -95810,13 +101665,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/ + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Worksphere - product: All + - vendor: Xerox + product: Xerox Digital Mailroom Services cves: cve-2021-4104: investigated: false @@ -95824,10 +101679,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -95839,13 +101695,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Wowza - product: Streaming Engine + - vendor: Xerox + product: Xerox ECXX cves: cve-2021-4104: investigated: false @@ -95855,10 +101711,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 4.7.8 - - 4.8.x - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -95870,13 +101725,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: WSO2 - product: API Manager + - vendor: Xerox + product: Xerox ED125 cves: cve-2021-4104: investigated: false @@ -95886,9 +101741,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '>= 3.0.0' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -95900,13 +101755,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-26T07:18:50+00:00' - - vendor: WSO2 - product: API Manager Analytics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox ED95A cves: cve-2021-4104: investigated: false @@ -95916,9 +101771,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '>= 2.6.0' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -95930,13 +101785,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-26T07:18:50+00:00' - - vendor: WSO2 - product: Enterprise Integrator + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox iGen 5 cves: cve-2021-4104: investigated: false @@ -95946,9 +101801,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '>= 6.1.0' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -95960,13 +101815,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-26T07:18:50+00:00' - - vendor: WSO2 - product: Enterprise Integrator Analytics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Instant Print Kiosk cves: cve-2021-4104: investigated: false @@ -95976,9 +101831,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '>= 6.6.0' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -95990,13 +101845,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-26T07:18:50+00:00' - - vendor: WSO2 - product: Identity Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Intelligent Workplace Services (All Including XDM, XDA, CWW) cves: cve-2021-4104: investigated: false @@ -96006,9 +101861,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '>= 5.9.0' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -96020,13 +101875,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-26T07:18:50+00:00' - - vendor: WSO2 - product: Identity Server Analytics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Iridesse Production Press cves: cve-2021-4104: investigated: false @@ -96036,9 +101891,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '>= 5.7.0' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -96050,13 +101905,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-26T07:18:50+00:00' - - vendor: WSO2 - product: Identity Server as Key Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox J75 cves: cve-2021-4104: investigated: false @@ -96066,9 +101921,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '>= 5.9.0' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -96080,13 +101935,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-26T07:18:50+00:00' - - vendor: WSO2 - product: Micro Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Print and Scan Experience cves: cve-2021-4104: investigated: false @@ -96096,9 +101951,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '>= 3.2.0' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -96110,13 +101965,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-26T07:18:50+00:00' - - vendor: WSO2 - product: Micro Integrator + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Team Availability Application cves: cve-2021-4104: investigated: false @@ -96126,9 +101981,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '>= 1.1.0' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -96140,13 +101995,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-26T07:18:50+00:00' - - vendor: WSO2 - product: Micro Integrator Dashboard + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 180 cves: cve-2021-4104: investigated: false @@ -96156,9 +102011,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '>= 4.0.0' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -96170,13 +102025,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-26T07:18:50+00:00' - - vendor: WSO2 - product: Micro Integrator Monitoring Dashboard + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 280 cves: cve-2021-4104: investigated: false @@ -96186,9 +102041,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '>= 1.0.0' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -96200,13 +102055,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-26T07:18:50+00:00' - - vendor: WSO2 - product: Open Banking AM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 3100 cves: cve-2021-4104: investigated: false @@ -96216,9 +102071,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '>= 2.0.0' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -96230,13 +102085,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-26T07:18:50+00:00' - - vendor: WSO2 - product: Open Banking BI + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 4100 cves: cve-2021-4104: investigated: false @@ -96246,9 +102101,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '>= 1.3.0' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -96260,13 +102115,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-26T07:18:50+00:00' - - vendor: WSO2 - product: Open Banking KM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workflow Central Platform cves: cve-2021-4104: investigated: false @@ -96276,9 +102131,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '>= 2.0.0' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -96290,13 +102145,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-26T07:18:50+00:00' - - vendor: WSO2 - product: Stream Integrator + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workplace Kiosk cves: cve-2021-4104: investigated: false @@ -96306,9 +102161,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '>= 1.0.0' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -96320,13 +102175,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-26T07:18:50+00:00' - - vendor: WSO2 - product: Stream Integrator Tooling + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workplace Suite cves: cve-2021-4104: investigated: false @@ -96336,9 +102191,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '>= 1.0.0' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -96350,13 +102205,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-26T07:18:50+00:00' - - vendor: WSO2 - product: Stream Processor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workspace Cloud cves: cve-2021-4104: investigated: false @@ -96366,9 +102221,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '>= 4.0.0' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -96380,13 +102235,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-26T07:18:50+00:00' - - vendor: XCP-ng - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: XMPie Data-Driven Print and VDP cves: cve-2021-4104: investigated: false @@ -96394,10 +102249,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -96409,13 +102265,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: XenForo - product: '' + - vendor: Xerox + product: XMPie Omnichannel Communications cves: cve-2021-4104: investigated: false @@ -96423,10 +102279,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -96438,13 +102295,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://xenforo.com/community/threads/psa-potential-security-vulnerability-in-elasticsearch-5-via-apache-log4j-log4shell.201145/ + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: '' + product: XMPie Web to Print cves: cve-2021-4104: investigated: false @@ -96452,10 +102309,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -96467,13 +102325,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://securitydocs.business.xerox.com/wp-content/uploads/2021/12/Xerox-Special-Bulletin-XRX21-021-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.6.pdf + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: XPertDoc - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -96502,7 +102360,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: XPLG - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -96531,7 +102389,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: XWIKI - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -96568,9 +102426,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -96597,9 +102456,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -96626,9 +102486,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -96655,9 +102516,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -96684,9 +102546,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -96713,8 +102576,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -96742,8 +102606,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -96771,9 +102636,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -96800,9 +102666,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -96862,11 +102729,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 4.7 through 4.10 - 4.4 through 4.6 - '4.2' - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -96893,9 +102760,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -96922,8 +102790,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -96951,9 +102820,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -96980,9 +102850,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -97009,9 +102880,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false diff --git a/data/cisagov_F.yml b/data/cisagov_F.yml index adcaaab..37e960c 100644 --- a/data/cisagov_F.yml +++ b/data/cisagov_F.yml @@ -13,9 +13,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -43,9 +44,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 13-15 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 13 through 15 unaffected_versions: [] cve-2021-45046: investigated: false @@ -72,9 +73,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -102,9 +104,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 13-15 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 13 through 15 unaffected_versions: [] cve-2021-45046: investigated: false @@ -132,9 +134,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 13-15 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 13 through 15 unaffected_versions: [] cve-2021-45046: investigated: false @@ -195,7 +197,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 7.x-8.x + - 7.x - 8.x cve-2021-45046: investigated: false affected_versions: [] @@ -493,8 +495,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 5.x (5.2.0 CF1 - - 5.1.0 CF-30 - 5.1.0 CF-33) + - 5.x + - 5.2.0 CF1 + - 5.1.0 CF-30 - 5.1.0 CF-33 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -515,7 +518,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: FAST LTA - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -544,7 +547,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fastly - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -583,7 +586,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - Unknown + - 340x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -598,19 +601,19 @@ software: unaffected_versions: [] vendor_links: - https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4 - notes: 'Note: FedEx is aware of the issue related to the Log4j Remote Code Execution + notes: Note - FedEx is aware of the issue related to the Log4j Remote Code Execution vulnerability affecting various Apache products. We are actively assessing the situation and taking necessary action as appropriate. As a result, we are temporarily unable to provide a link to download the FedEx Ship Manager software or generate product keys needed for registration of FedEx Ship Manager software. We are working to have this resolved as quickly as possible and apologize for the inconvenience. For related questions or the most updated information, customers should check - FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative.' + FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative. references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Fiix - product: Fiix CMMS Core + - vendor: FedEx + product: Ship Manager Software cves: cve-2021-4104: investigated: false @@ -618,10 +621,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: - - v5 + - '3509' unaffected_versions: [] cve-2021-45046: investigated: false @@ -634,14 +637,20 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: The product has been updated to Log4j version 2.15. An additional patch - is being developed to update to 2.16. No user interaction is required. + - https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4 + notes: Note - FedEx is aware of the issue related to the Log4j Remote Code Execution + vulnerability affecting various Apache products. We are actively assessing the + situation and taking necessary action as appropriate. As a result, we are temporarily + unable to provide a link to download the FedEx Ship Manager software or generate + product keys needed for registration of FedEx Ship Manager software. We are + working to have this resolved as quickly as possible and apologize for the inconvenience. + For related questions or the most updated information, customers should check + FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative. references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: FileCap - product: '' + - vendor: Fiix + product: Fiix CMMS Core cves: cve-2021-4104: investigated: false @@ -649,9 +658,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - v5 unaffected_versions: [] cve-2021-45046: investigated: false @@ -664,13 +674,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://mailchi.mp/3f82266e0717/filecap-update-version-511 - notes: '' + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: The product has been updated to Log4j version 2.15. An additional patch + is being developed to update to 2.16. No user interaction is required. This + advisory is available to customer only and has not been reviewed by CISA. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FileCatalyst - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: FileCap + product: Plugins cves: cve-2021-4104: investigated: false @@ -678,10 +690,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -693,13 +706,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.filecatalyst.com/index.php/Knowledgebase/Article/View/advisory-log4j-zero-day-security-vulnerability + - https://filecap.com/blog-posts/detecteer-log4shell-exploitatie-pogingen notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FileCloud - product: '' + - vendor: FileCap + product: Server cves: cve-2021-4104: investigated: false @@ -707,9 +720,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 5.1.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -722,13 +736,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.getfilecloud.com/supportdocs/display/cloud/Advisory+2021-12-2+Impact+of+Apache+Log4j2+Vulnerability+on+FileCloud+Customers + - https://filecap.com/blog-posts/detecteer-log4shell-exploitatie-pogingen notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FileWave - product: '' + - vendor: FileCatalyst + product: All cves: cve-2021-4104: investigated: false @@ -751,13 +765,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.filewave.com/display/KB/Security+Notice:+Apache+log4j+Vulnerability+CVE-2021-44228 + - https://support.filecatalyst.com/index.php/Knowledgebase/Article/View/advisory-log4j-zero-day-security-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FINVI - product: '' + - vendor: FileCloud + product: All cves: cve-2021-4104: investigated: false @@ -780,13 +794,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://finvi.com/support/ + - https://www.getfilecloud.com/supportdocs/display/cloud/Advisory+2021-12-2+Impact+of+Apache+Log4j2+Vulnerability+on+FileCloud+Customers notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FireDaemon - product: '' + - vendor: FileWave + product: All cves: cve-2021-4104: investigated: false @@ -809,13 +823,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.firedaemon.com/support/solutions/articles/4000178630 + - https://kb.filewave.com/display/KB/Security+Notice:+Apache+log4j+Vulnerability+CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fisher & Paykel Healthcare - product: '' + - vendor: FileZilla + product: All cves: cve-2021-4104: investigated: false @@ -823,10 +837,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -838,13 +853,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fphcare.com/us/our-company/contact-us/product-security/ + - https://forum.filezilla-project.org/viewtopic.php?f=6&t=54338 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Flexagon - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FINVI + product: All cves: cve-2021-4104: investigated: false @@ -867,13 +882,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://flexagon.com/what-is-the-impact-of-log4j-vulnerability-cve-2021-44228-on-flexdeploy/ + - https://finvi.com/support/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Flexera - product: '' + - vendor: FireDaemon + product: All cves: cve-2021-4104: investigated: false @@ -896,13 +911,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-2-remote-code-execution/ba-p/216934 + - https://kb.firedaemon.com/support/solutions/articles/4000178630 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Forcepoint - product: DLP Manager + - vendor: Fisher & Paykel Healthcare + product: All cves: cve-2021-4104: investigated: false @@ -910,10 +925,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -925,13 +941,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://www.fphcare.com/us/our-company/contact-us/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Forcepoint - product: Forcepoint Cloud Security Gateway (CSG) + last_updated: '2021-12-21T00:00:00' + - vendor: Flexagon + product: All cves: cve-2021-4104: investigated: false @@ -954,13 +970,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://flexagon.com/what-is-the-impact-of-log4j-vulnerability-cve-2021-44228-on-flexdeploy/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Forcepoint - product: Next Generation Firewall (NGFW) + - vendor: Flexera + product: All cves: cve-2021-4104: investigated: false @@ -983,14 +999,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-2-remote-code-execution/ba-p/216934 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint - product: Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service - and Sidewinder + product: Advanced Malware Detection cves: cve-2021-4104: investigated: false @@ -998,10 +1013,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1014,12 +1030,13 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint - product: One Endpoint + product: Behavioral Analytics cves: cve-2021-4104: investigated: false @@ -1043,12 +1060,13 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint - product: Security Manager (Web, Email and DLP) + product: Bitglass SSE cves: cve-2021-4104: investigated: false @@ -1056,10 +1074,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1072,12 +1091,13 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Forescout - product: '' + - vendor: Forcepoint + product: CASB cves: cve-2021-4104: investigated: false @@ -1100,13 +1120,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ForgeRock - product: Autonomous Identity + - vendor: Forcepoint + product: Cloud Security Gateway (CSG) cves: cve-2021-4104: investigated: false @@ -1114,10 +1135,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1129,13 +1151,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://backstage.forgerock.com/knowledge/kb/book/b21824339#1_bzBa - notes: all other ForgeRock products Not vulnerable + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAIOps + - vendor: Forcepoint + product: Content Gateway cves: cve-2021-4104: investigated: false @@ -1143,10 +1166,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1158,13 +1182,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAnalyzer + - vendor: Forcepoint + product: DDP/DUP/DPS cves: cve-2021-4104: investigated: false @@ -1187,13 +1212,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAnalyzer Cloud + - vendor: Forcepoint + product: Directory Synchronization cves: cve-2021-4104: investigated: false @@ -1201,10 +1227,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1216,13 +1243,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAP + - vendor: Forcepoint + product: DLP Manager cves: cve-2021-4104: investigated: false @@ -1230,9 +1258,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1245,13 +1274,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAuthenticator + - vendor: Forcepoint + product: Email Security cves: cve-2021-4104: investigated: false @@ -1259,10 +1289,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1274,13 +1305,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiCASB + - vendor: Forcepoint + product: Insider Threat cves: cve-2021-4104: investigated: false @@ -1288,10 +1320,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1303,13 +1336,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiConvertor + - vendor: Forcepoint + product: Next Generation Firewall (NGFW) cves: cve-2021-4104: investigated: false @@ -1317,10 +1351,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1332,13 +1367,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiDeceptor + - vendor: Forcepoint + product: NGFW Security Management Center cves: cve-2021-4104: investigated: false @@ -1346,9 +1382,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1361,13 +1398,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiEDR Agent + - vendor: Forcepoint + product: NGFW Virtual SMC Appliances cves: cve-2021-4104: investigated: false @@ -1375,9 +1413,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1390,13 +1429,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiEDR Cloud + - vendor: Forcepoint + product: NGFW VPN Client cves: cve-2021-4104: investigated: false @@ -1404,9 +1444,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1419,13 +1460,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiGate Cloud + - vendor: Forcepoint + product: One Endpoint cves: cve-2021-4104: investigated: false @@ -1433,10 +1475,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1448,13 +1491,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiGSLB Cloud + - vendor: Forcepoint + product: Security Manager (Web, Email and DLP) cves: cve-2021-4104: investigated: false @@ -1462,9 +1506,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1477,13 +1522,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiMail + - vendor: Forcepoint + product: Sidewinder cves: cve-2021-4104: investigated: false @@ -1491,9 +1537,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1506,13 +1553,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiManager + - vendor: Forcepoint + product: User ID service cves: cve-2021-4104: investigated: false @@ -1520,9 +1568,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1535,13 +1584,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiManager Cloud + - vendor: Forcepoint + product: Web Security cves: cve-2021-4104: investigated: false @@ -1564,13 +1614,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiNAC + - vendor: Forescout + product: All cves: cve-2021-4104: investigated: false @@ -1593,13 +1644,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiNAC + - vendor: ForgeRock + product: Autonomous Identity cves: cve-2021-4104: investigated: false @@ -1607,9 +1658,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1622,13 +1674,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://backstage.forgerock.com/knowledge/kb/book/b21824339#1_bzBa + notes: All other ForgeRock products not affected. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiOS (includes FortiGate & FortiWiFi) + product: Autonomous Identity cves: cve-2021-4104: investigated: false @@ -1636,9 +1688,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1657,7 +1710,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiPhish Cloud + product: FortiADC cves: cve-2021-4104: investigated: false @@ -1665,10 +1718,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1686,7 +1740,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiPolicy + product: FortiAI cves: cve-2021-4104: investigated: false @@ -1694,10 +1748,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1715,7 +1770,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiPortal + product: FortiAIOps cves: cve-2021-4104: investigated: false @@ -1723,9 +1778,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1744,7 +1800,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiRecorder + product: FortiAnalyzer cves: cve-2021-4104: investigated: false @@ -1752,10 +1808,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1773,7 +1830,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiSIEM + product: FortiAnalyzer Big Cloud cves: cve-2021-4104: investigated: false @@ -1781,9 +1838,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 6.4.7 + - 7.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1802,7 +1861,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiSOAR + product: FortiAnalyzer Cloud cves: cve-2021-4104: investigated: false @@ -1810,10 +1869,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1831,7 +1891,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiSwicth Cloud in FortiLANCloud + product: FortiAP cves: cve-2021-4104: investigated: false @@ -1839,10 +1899,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1860,7 +1921,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiSwitch & FortiSwitchManager + product: FortiAuthenticator cves: cve-2021-4104: investigated: false @@ -1868,10 +1929,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1889,7 +1951,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiToken Cloud + product: FortiCache cves: cve-2021-4104: investigated: false @@ -1897,10 +1959,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1918,7 +1981,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiVoice + product: FortiCarrier cves: cve-2021-4104: investigated: false @@ -1926,10 +1989,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1947,7 +2011,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiWeb Cloud + product: FortiCASB cves: cve-2021-4104: investigated: false @@ -1955,9 +2019,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1976,7 +2041,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: ShieldX + product: FortiClient cves: cve-2021-4104: investigated: false @@ -1984,10 +2049,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2004,8 +2070,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FTAPI - product: '' + - vendor: Fortinet + product: FortiClient Cloud cves: cve-2021-4104: investigated: false @@ -2013,10 +2079,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2028,16 +2095,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/# + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fuji Electric - product: MONITOUCH TS1000 series + - vendor: Fortinet + product: FortiClient EMS cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -2046,28 +2113,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fuji Electric - product: MONITOUCH TS1000S series + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiConnect cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -2076,88 +2143,88 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fuji Electric - product: MONITOUCH TS2000 series + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiConverter Portal cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '' fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fuji Electric - product: MONITOUCH V8 series + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiCWP cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fuji Electric - product: MONITOUCH V9 series + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiDDoS cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -2166,28 +2233,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fuji Electric - product: MONITOUCH X1 series + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiDDoS-F cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -2196,28 +2263,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fuji Electric - product: TELLUS and V-Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiDeceptor cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -2226,29 +2293,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Version 3 - - Version 4 + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fuji Electric - product: V-SFT + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiEDR Agent cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -2257,26 +2323,25 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Version 5 - - Version 6 + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fujitsu - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiEDR Cloud cves: cve-2021-4104: investigated: false @@ -2284,10 +2349,2531 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiExtender Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiGate Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiGSLB Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiInsight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiIsolator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2.3.4 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiLAN Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiMail + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiManager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiManager Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiMonitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiNAC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiOS (includes FortiGate & FortiWiFi) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPenTest + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPhish Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPolicy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPortal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPresence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiProxy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiRecorder + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSandbox + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSASE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSIEM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSOAR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSwitch & FortiSwitchManager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSwitch Cloud in FortiLANCloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiTester + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiToken Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiVoice + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiWeb Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiWLC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiWLM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: ShieldX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FTAPI + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/# + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000S series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS2000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V8 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V9 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH X1 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: TELLUS and V-Server + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Version 3 + - Version 4 + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: V-SFT + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Version 5 + - Version 6 + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fujitsu + product: AIS Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: Bean Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BS2000 Hardware + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BS2000 Software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BX400 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BX900 MMB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: eLux RP on FUTRO + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS AB/HB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS CS800 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS CS8000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS DX/AF + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS JX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS LT140/260 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS LT20/40/60 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS SF + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS SF MA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: FlexFrame + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: INTELLIEGDLE A/G + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: iRMC on PRIMERGY + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ISM for PRIMERGY, PQ + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: NECoP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openFT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openSEAS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openUTM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openUTM (WebAdm.) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: PRIMEFLEX for MS S2D + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: PTC Axeda (AIS Con.) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SBAX2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SBAX3 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SecDocs + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView IM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView OM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView OM/UM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView RAID + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView Rem. Con. + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView VIOM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SOA Pro. Mgmt. Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SOA SysRollout Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SVS Services for ISM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SVS UME + LinuxLife + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SVS VMware Op. Mgr. + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SVS VMware vCenter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: Web Transactions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2305,7 +4891,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: FusionAuth - product: FusionAuth + product: All cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_L.yml b/data/cisagov_L.yml index a1ffc81..36b25ab 100644 --- a/data/cisagov_L.yml +++ b/data/cisagov_L.yml @@ -2796,6 +2796,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Logit.io + product: Logit.io Platform + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://logit.io/blog/post/logit-io-log4shell-security-update + notes: '' + references: + - '' + last_updated: '2022-02-07T07:10:00+00:00' - vendor: LogMeIn product: '' cves: diff --git a/data/cisagov_X.yml b/data/cisagov_X.yml index b107a72..2c6eb17 100644 --- a/data/cisagov_X.yml +++ b/data/cisagov_X.yml @@ -5,6 +5,36 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: XCP-ng + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: XenForo product: '' cves: cve-2021-4104: @@ -28,13 +58,3103 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact + - https://xenforo.com/community/threads/psa-potential-security-vulnerability-in-elasticsearch-5-via-apache-log4j-log4shell.201145/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: AltaLink Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: CareAR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 8700 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 8870 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 8880 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 9201 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 9301 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: DocuCentre SC2020 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ElemX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Core + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Express to Print + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Makeready + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Output Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Print Manager - APP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Variable Information Suite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Nuvera EA Perfecting Production Systems + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Nuvera EA Production Systems + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3300 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3320 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3330 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3435 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3600 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3610 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3635 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 4510 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 4622 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6020 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6022 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6280 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6510 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6600 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6700 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 7800 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 8860 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: PrimeLink Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Versalink Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 33xx + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 3615 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 4260 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 4265 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5135 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5150 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5225 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5230 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 53XX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5645 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5655 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5740 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5745 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5755 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5765 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 58XX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5945 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5955 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6025 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6400 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6515 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6605 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6655 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7425 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7435 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7525 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7535 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7556 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7830 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7835 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7855 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7970i + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre ECXX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Account Payable Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox App Gallery + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B1022/25 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B225 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B230 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B235 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B310 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Baltoro HF Inkjet Press + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Branded ConnectKey Applications + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox C230 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox C235 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox C310 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Campaigns on Demand + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Color EC70 Printer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox D110 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox D125 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox D95A + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Digital Mailroom Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox ECXX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox ED125 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox ED95A + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox iGen 5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Instant Print Kiosk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Intelligent Workplace Services (All Including XDM, XDA, CWW) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Iridesse Production Press + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox J75 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Print and Scan Experience + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Team Availability Application + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 180 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 280 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 3100 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: XenForo - product: '' + - vendor: Xerox + product: Xerox Versant 4100 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workflow Central Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workplace Kiosk cves: cve-2021-4104: investigated: false @@ -42,10 +3162,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workplace Suite + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -57,13 +3208,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://xenforo.com/community/threads/psa-potential-security-vulnerability-in-elasticsearch-5-via-apache-log4j-log4shell.201145/ + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: '' + product: Xerox Workspace Cloud cves: cve-2021-4104: investigated: false @@ -71,10 +3222,101 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: XMPie Data-Driven Print and VDP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: XMPie Omnichannel Communications + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: XMPie Web to Print + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86,13 +3328,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://securitydocs.business.xerox.com/wp-content/uploads/2021/12/Xerox-Special-Bulletin-XRX21-021-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.6.pdf + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: XPertDoc - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -121,7 +3363,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: XPLG - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -150,7 +3392,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: XWIKI - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -187,9 +3429,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -216,9 +3459,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -245,9 +3489,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -274,9 +3519,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -303,9 +3549,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -332,8 +3579,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -361,8 +3609,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -390,9 +3639,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -419,9 +3669,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -481,11 +3732,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 4.7 through 4.10 - 4.4 through 4.6 - '4.2' - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -512,9 +3763,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -541,8 +3793,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -570,9 +3823,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -599,9 +3853,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -628,9 +3883,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false